From 7047067ea4d969071e28691c82cba09bfe58bd6f Mon Sep 17 00:00:00 2001 From: Inna Palant Date: Wed, 15 Feb 2023 19:07:52 -0800 Subject: [PATCH 001/321] Initial empty repository From bff99af2da95d93e8182fb54546a3fec956aa5d2 Mon Sep 17 00:00:00 2001 From: Robin Peng Date: Tue, 28 Mar 2023 10:20:50 +0000 Subject: [PATCH 002/321] init zumapro from zuma sha 43d5907677d0f Bug: 272725898 Change-Id: If35d9efdda9dd3b8d8b24008f0738a0cbbe5bd9b --- OWNERS | 3 + bug_map | 1 + legacy/private/property_contexts | 5 + legacy/system_ext/private/property_contexts | 2 + legacy/system_ext/public/property.te | 2 + legacy/whitechapel_pro/attributes | 1 + .../certs/EuiccSupportPixel.x509.pem | 29 ++ .../certs/com_qorvo_uwb.x509.pem | 29 ++ legacy/whitechapel_pro/device.te | 9 + legacy/whitechapel_pro/file.te | 36 ++ legacy/whitechapel_pro/file_contexts | 56 ++ legacy/whitechapel_pro/genfs_contexts | 78 +++ legacy/whitechapel_pro/keys.conf | 5 + legacy/whitechapel_pro/mac_permissions.xml | 30 ++ legacy/whitechapel_pro/property.te | 17 + legacy/whitechapel_pro/property_contexts | 25 + legacy/whitechapel_pro/service.te | 1 + legacy/whitechapel_pro/service_contexts | 1 + legacy/whitechapel_pro/te_macros | 14 + legacy/whitechapel_pro/vndservice.te | 1 + legacy/whitechapel_pro/vndservice_contexts | 1 + private/odrefresh.te | 4 + radio/bipchmgr.te | 9 + radio/cat_engine_service_app.te | 8 + radio/cbd.te | 60 +++ radio/cbrs_setup.te | 13 + radio/certs/com_google_mds.x509.pem | 29 ++ radio/device.te | 4 + radio/dmd.te | 32 ++ radio/file.te | 40 ++ radio/file_contexts | 41 ++ radio/fsck.te | 4 + radio/genfs_contexts | 11 + radio/gpsd.te | 7 + radio/grilservice_app.te | 15 + radio/hal_radioext_default.te | 21 + radio/hwservice.te | 9 + radio/hwservice_contexts | 8 + radio/hwservicemanager.te | 1 + radio/init.te | 4 + radio/init_radio.te | 8 + radio/keys.conf | 3 + radio/logger_app.te | 27 + radio/mac_permissions.xml | 27 + radio/modem_diagnostic_app.te | 37 ++ radio/modem_logging_control.te | 17 + radio/modem_ml_svc_sit.te | 22 + radio/modem_svc_sit.te | 35 ++ radio/oemrilservice_app.te | 9 + radio/private/radio.te | 1 + radio/private/service_contexts | 2 + radio/property.te | 16 + radio/property_contexts | 59 +++ radio/radio.te | 6 + radio/rfsd.te | 36 ++ radio/rild.te | 40 ++ radio/sced.te | 23 + radio/seapp_contexts | 30 ++ radio/ssr_detector.te | 24 + radio/vcd.te | 13 + radio/vendor_engineermode_app.te | 12 + radio/vendor_ims_app.te | 20 + radio/vendor_init.te | 6 + radio/vendor_qualifiednetworks_app.te | 5 + radio/vendor_rcs_app.te | 9 + radio/vendor_silentlogging_remote_app.te | 13 + radio/vendor_telephony_debug_app.te | 20 + radio/vendor_telephony_silentlogging_app.te | 21 + radio/vendor_telephony_test_app.te | 4 + radio/vold.te | 4 + system_ext/private/platform_app.te | 2 + tracking_denials/README.txt | 2 + tracking_denials/bootanim.te | 2 + tracking_denials/bug_map | 56 ++ tracking_denials/chre.te | 4 + tracking_denials/con_monitor_app.te | 36 ++ tracking_denials/fastbootd.te | 4 + tracking_denials/gmscore_app.te | 10 + tracking_denials/google_camera_app.te | 29 ++ tracking_denials/hal_camera_default.te | 4 + tracking_denials/hal_contexthub_default.te | 7 + tracking_denials/hal_neuralnetworks_armnn.te | 16 + tracking_denials/hal_power_default.te | 3 + tracking_denials/hal_sensors_default.te | 3 + tracking_denials/hal_usb_impl.te | 2 + tracking_denials/hwservicemanager.te | 4 + tracking_denials/incidentd.te | 3 + tracking_denials/installd.te | 6 + tracking_denials/kernel.te | 7 + tracking_denials/logd.te | 7 + tracking_denials/priv_app.te | 21 + .../rebalance_interrupts_vendor.te | 6 + tracking_denials/recovery.te | 4 + tracking_denials/servicemanager.te | 6 + tracking_denials/ssr_detector_app.te | 6 + tracking_denials/system_suspend.te | 2 + tracking_denials/systemui.te | 4 + tracking_denials/systemui_app.te | 2 + tracking_denials/tcpdump_logger.te | 4 + tracking_denials/update_engine.te | 2 + tracking_denials/vendor_init.te | 3 + vendor/audioserver.te | 2 + vendor/bootanim.te | 1 + vendor/cccdk_timesync_app.te | 7 + vendor/certs/app.x509.pem | 27 + vendor/certs/camera_eng.x509.pem | 17 + vendor/certs/camera_fishfood.x509.pem | 15 + vendor/chre.te | 16 + vendor/con_monitor_app.te | 3 + vendor/debug_camera_app.te | 23 + vendor/device.te | 18 + vendor/domain.te | 5 + vendor/dump_cma.te | 7 + vendor/dump_gsa.te | 6 + vendor/dump_power.te | 34 ++ vendor/dump_wlan.te | 3 + vendor/dumpstate.te | 12 + vendor/e2fs.te | 8 + vendor/euiccpixel_app.te | 21 + vendor/file.te | 48 ++ vendor/file_contexts | 167 ++++++ vendor/fsck.te | 5 + vendor/genfs_contexts | 484 ++++++++++++++++++ vendor/google_camera_app.te | 8 + vendor/gxp_logging.te | 10 + vendor/hal_bluetooth_btlinux.te | 6 + vendor/hal_bootctl_default.te | 3 + vendor/hal_camera_default.te | 90 ++++ vendor/hal_fingerprint_default.te | 39 ++ vendor/hal_graphics_allocator_default.te | 4 + vendor/hal_graphics_composer_default.te | 43 ++ vendor/hal_health_default.te | 16 + vendor/hal_nfc_default.te | 5 + vendor/hal_power_default.te | 7 + vendor/hal_power_stats_default.te | 18 + vendor/hal_radioext_default.te | 1 + vendor/hal_secure_element_st54spi.te | 7 + vendor/hal_secure_element_uicc.te | 12 + vendor/hal_sensors_default.te | 58 +++ vendor/hal_thermal_default.te | 2 + vendor/hal_usb_gadget_impl.te | 20 + vendor/hal_usb_impl.te | 16 + vendor/hal_uwb_vendor_default.te | 5 + vendor/hal_wifi_ext.te | 9 + vendor/hal_wireless_charger.te | 7 + vendor/hwservice.te | 2 + vendor/hwservice_contexts | 2 + vendor/init.te | 13 + vendor/insmod-sh.te | 2 + vendor/kernel.te | 15 + vendor/keys.conf | 8 + vendor/mac_permissions.xml | 33 ++ vendor/mediacodec_google.te | 35 ++ vendor/ofl_app.te | 17 + vendor/pixeldisplayservice_app.te | 14 + vendor/pixelstats_vendor.te | 23 + vendor/platform_app.te | 3 + vendor/property.te | 12 + vendor/property_contexts | 19 + vendor/ramdump_app.te | 24 + vendor/rlsservice.te | 32 ++ vendor/seapp_contexts | 38 ++ vendor/service.te | 6 + vendor/service_contexts | 5 + vendor/shell.te | 2 + vendor/surfaceflinger.te | 1 + vendor/system_app.te | 3 + vendor/system_server.te | 5 + vendor/systemui_app.te | 24 + vendor/tcpdump_logger.te | 5 + vendor/tee.te | 17 + vendor/toolbox.te | 3 + vendor/trusty_apploader.te | 7 + vendor/trusty_metricsd.te | 11 + vendor/twoshay.te | 2 + vendor/ufs_firmware_update.te | 12 + vendor/update_engine.te | 2 + vendor/uwb_vendor_app.te | 4 + vendor/vendor_init.te | 31 ++ vendor/vendor_uwb_init.te | 4 + vendor/vndservice.te | 1 + vendor/vndservice_contexts | 1 + vendor/wifi_sniffer.te | 4 + widevine/file.te | 3 + widevine/file_contexts | 5 + widevine/hal_drm_clearkey.te | 5 + widevine/hal_drm_widevine.te | 12 + widevine/service_contexts | 1 + zumapro-sepolicy.mk | 23 + 189 files changed, 3288 insertions(+) create mode 100644 OWNERS create mode 100644 bug_map create mode 100644 legacy/private/property_contexts create mode 100644 legacy/system_ext/private/property_contexts create mode 100644 legacy/system_ext/public/property.te create mode 100644 legacy/whitechapel_pro/attributes create mode 100644 legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem create mode 100644 legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem create mode 100644 legacy/whitechapel_pro/device.te create mode 100644 legacy/whitechapel_pro/file.te create mode 100644 legacy/whitechapel_pro/file_contexts create mode 100644 legacy/whitechapel_pro/genfs_contexts create mode 100644 legacy/whitechapel_pro/keys.conf create mode 100644 legacy/whitechapel_pro/mac_permissions.xml create mode 100644 legacy/whitechapel_pro/property.te create mode 100644 legacy/whitechapel_pro/property_contexts create mode 100644 legacy/whitechapel_pro/service.te create mode 100644 legacy/whitechapel_pro/service_contexts create mode 100644 legacy/whitechapel_pro/te_macros create mode 100644 legacy/whitechapel_pro/vndservice.te create mode 100644 legacy/whitechapel_pro/vndservice_contexts create mode 100644 private/odrefresh.te create mode 100644 radio/bipchmgr.te create mode 100644 radio/cat_engine_service_app.te create mode 100644 radio/cbd.te create mode 100644 radio/cbrs_setup.te create mode 100644 radio/certs/com_google_mds.x509.pem create mode 100644 radio/device.te create mode 100644 radio/dmd.te create mode 100644 radio/file.te create mode 100644 radio/file_contexts create mode 100644 radio/fsck.te create mode 100644 radio/genfs_contexts create mode 100644 radio/gpsd.te create mode 100644 radio/grilservice_app.te create mode 100644 radio/hal_radioext_default.te create mode 100644 radio/hwservice.te create mode 100644 radio/hwservice_contexts create mode 100644 radio/hwservicemanager.te create mode 100644 radio/init.te create mode 100644 radio/init_radio.te create mode 100644 radio/keys.conf create mode 100644 radio/logger_app.te create mode 100644 radio/mac_permissions.xml create mode 100644 radio/modem_diagnostic_app.te create mode 100644 radio/modem_logging_control.te create mode 100644 radio/modem_ml_svc_sit.te create mode 100644 radio/modem_svc_sit.te create mode 100644 radio/oemrilservice_app.te create mode 100644 radio/private/radio.te create mode 100644 radio/private/service_contexts create mode 100644 radio/property.te create mode 100644 radio/property_contexts create mode 100644 radio/radio.te create mode 100644 radio/rfsd.te create mode 100644 radio/rild.te create mode 100644 radio/sced.te create mode 100644 radio/seapp_contexts create mode 100644 radio/ssr_detector.te create mode 100644 radio/vcd.te create mode 100644 radio/vendor_engineermode_app.te create mode 100644 radio/vendor_ims_app.te create mode 100644 radio/vendor_init.te create mode 100644 radio/vendor_qualifiednetworks_app.te create mode 100644 radio/vendor_rcs_app.te create mode 100644 radio/vendor_silentlogging_remote_app.te create mode 100644 radio/vendor_telephony_debug_app.te create mode 100644 radio/vendor_telephony_silentlogging_app.te create mode 100644 radio/vendor_telephony_test_app.te create mode 100644 radio/vold.te create mode 100644 system_ext/private/platform_app.te create mode 100644 tracking_denials/README.txt create mode 100644 tracking_denials/bootanim.te create mode 100644 tracking_denials/bug_map create mode 100644 tracking_denials/chre.te create mode 100644 tracking_denials/con_monitor_app.te create mode 100644 tracking_denials/fastbootd.te create mode 100644 tracking_denials/gmscore_app.te create mode 100644 tracking_denials/google_camera_app.te create mode 100644 tracking_denials/hal_camera_default.te create mode 100644 tracking_denials/hal_contexthub_default.te create mode 100644 tracking_denials/hal_neuralnetworks_armnn.te create mode 100644 tracking_denials/hal_power_default.te create mode 100644 tracking_denials/hal_sensors_default.te create mode 100644 tracking_denials/hal_usb_impl.te create mode 100644 tracking_denials/hwservicemanager.te create mode 100644 tracking_denials/incidentd.te create mode 100644 tracking_denials/installd.te create mode 100644 tracking_denials/kernel.te create mode 100644 tracking_denials/logd.te create mode 100644 tracking_denials/priv_app.te create mode 100644 tracking_denials/rebalance_interrupts_vendor.te create mode 100644 tracking_denials/recovery.te create mode 100644 tracking_denials/servicemanager.te create mode 100644 tracking_denials/ssr_detector_app.te create mode 100644 tracking_denials/system_suspend.te create mode 100644 tracking_denials/systemui.te create mode 100644 tracking_denials/systemui_app.te create mode 100644 tracking_denials/tcpdump_logger.te create mode 100644 tracking_denials/update_engine.te create mode 100644 tracking_denials/vendor_init.te create mode 100644 vendor/audioserver.te create mode 100644 vendor/bootanim.te create mode 100644 vendor/cccdk_timesync_app.te create mode 100644 vendor/certs/app.x509.pem create mode 100644 vendor/certs/camera_eng.x509.pem create mode 100644 vendor/certs/camera_fishfood.x509.pem create mode 100644 vendor/chre.te create mode 100644 vendor/con_monitor_app.te create mode 100644 vendor/debug_camera_app.te create mode 100644 vendor/device.te create mode 100644 vendor/domain.te create mode 100644 vendor/dump_cma.te create mode 100644 vendor/dump_gsa.te create mode 100644 vendor/dump_power.te create mode 100644 vendor/dump_wlan.te create mode 100644 vendor/dumpstate.te create mode 100644 vendor/e2fs.te create mode 100644 vendor/euiccpixel_app.te create mode 100644 vendor/file.te create mode 100644 vendor/file_contexts create mode 100644 vendor/fsck.te create mode 100644 vendor/genfs_contexts create mode 100644 vendor/google_camera_app.te create mode 100644 vendor/gxp_logging.te create mode 100644 vendor/hal_bluetooth_btlinux.te create mode 100644 vendor/hal_bootctl_default.te create mode 100644 vendor/hal_camera_default.te create mode 100644 vendor/hal_fingerprint_default.te create mode 100644 vendor/hal_graphics_allocator_default.te create mode 100644 vendor/hal_graphics_composer_default.te create mode 100644 vendor/hal_health_default.te create mode 100644 vendor/hal_nfc_default.te create mode 100644 vendor/hal_power_default.te create mode 100644 vendor/hal_power_stats_default.te create mode 100644 vendor/hal_radioext_default.te create mode 100644 vendor/hal_secure_element_st54spi.te create mode 100644 vendor/hal_secure_element_uicc.te create mode 100644 vendor/hal_sensors_default.te create mode 100644 vendor/hal_thermal_default.te create mode 100644 vendor/hal_usb_gadget_impl.te create mode 100644 vendor/hal_usb_impl.te create mode 100644 vendor/hal_uwb_vendor_default.te create mode 100644 vendor/hal_wifi_ext.te create mode 100644 vendor/hal_wireless_charger.te create mode 100644 vendor/hwservice.te create mode 100644 vendor/hwservice_contexts create mode 100644 vendor/init.te create mode 100644 vendor/insmod-sh.te create mode 100644 vendor/kernel.te create mode 100644 vendor/keys.conf create mode 100644 vendor/mac_permissions.xml create mode 100644 vendor/mediacodec_google.te create mode 100644 vendor/ofl_app.te create mode 100644 vendor/pixeldisplayservice_app.te create mode 100644 vendor/pixelstats_vendor.te create mode 100644 vendor/platform_app.te create mode 100644 vendor/property.te create mode 100644 vendor/property_contexts create mode 100644 vendor/ramdump_app.te create mode 100644 vendor/rlsservice.te create mode 100644 vendor/seapp_contexts create mode 100644 vendor/service.te create mode 100644 vendor/service_contexts create mode 100644 vendor/shell.te create mode 100644 vendor/surfaceflinger.te create mode 100644 vendor/system_app.te create mode 100644 vendor/system_server.te create mode 100644 vendor/systemui_app.te create mode 100644 vendor/tcpdump_logger.te create mode 100644 vendor/tee.te create mode 100644 vendor/toolbox.te create mode 100644 vendor/trusty_apploader.te create mode 100644 vendor/trusty_metricsd.te create mode 100644 vendor/twoshay.te create mode 100644 vendor/ufs_firmware_update.te create mode 100644 vendor/update_engine.te create mode 100644 vendor/uwb_vendor_app.te create mode 100644 vendor/vendor_init.te create mode 100644 vendor/vendor_uwb_init.te create mode 100644 vendor/vndservice.te create mode 100644 vendor/vndservice_contexts create mode 100644 vendor/wifi_sniffer.te create mode 100644 widevine/file.te create mode 100644 widevine/file_contexts create mode 100644 widevine/hal_drm_clearkey.te create mode 100644 widevine/hal_drm_widevine.te create mode 100644 widevine/service_contexts create mode 100644 zumapro-sepolicy.mk diff --git a/OWNERS b/OWNERS new file mode 100644 index 0000000..791abb4 --- /dev/null +++ b/OWNERS @@ -0,0 +1,3 @@ +include platform/system/sepolicy:/OWNERS + +rurumihong@google.com diff --git a/bug_map b/bug_map new file mode 100644 index 0000000..c15cd11 --- /dev/null +++ b/bug_map @@ -0,0 +1 @@ +vendor_init device_config_configuration_prop property_service b/267843409 diff --git a/legacy/private/property_contexts b/legacy/private/property_contexts new file mode 100644 index 0000000..abcdd41 --- /dev/null +++ b/legacy/private/property_contexts @@ -0,0 +1,5 @@ +# Boot animation dynamic colors +persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts new file mode 100644 index 0000000..9f462bd --- /dev/null +++ b/legacy/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te new file mode 100644 index 0000000..8908e48 --- /dev/null +++ b/legacy/system_ext/public/property.te @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/whitechapel_pro/attributes b/legacy/whitechapel_pro/attributes new file mode 100644 index 0000000..7e6def7 --- /dev/null +++ b/legacy/whitechapel_pro/attributes @@ -0,0 +1 @@ +attribute vendor_persist_type; diff --git a/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem new file mode 100644 index 0000000..d11ad3d --- /dev/null +++ b/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIF2zCCA8OgAwIBAgIVAIFP2e+Gh4wn4YFsSI7fRB6AXjIsMA0GCSqGSIb3DQEBCwUAMH4xCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw +EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEaMBgGA1UEAxMRRXVpY2NTdXBw +b3J0UGl4ZWwwHhcNMTkwMjI4MTkyMjE4WhcNNDkwMjI4MTkyMjE4WjB+MQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29v +Z2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxGjAYBgNVBAMTEUV1aWNjU3VwcG9ydFBpeGVsMIIC +IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqklePqeltzqnyXVch9eJRXFBRQQIBIJWhcXb +WIP/kZ28ISnQ2SrZisdxqtvRIeInxb7lU1rRQDfqCFSp/vMZ3l25Ryn6OVLFP4bxV1vO797t7Ef/ +amYA1mFKBsD4KLaIGj0/2RpGesneCOb0jWl2yRgIO2Ez7Y4YgWU/IoickZDLp1u6/7e7E/Qq9OXK +aXvtBSzooGrYC7eyKn7O21FOfz5cQRo4BipjJqXG5Ez8Vi+m/dL1IFRZheYttEf3v390vBcb0oJ0 +oYPzLxmnb1LchjZC3yLAknRA0hNt8clvJ3tjXFjtzCGKsQsT4rnvvGFFABJTCf3EdEiwBNS5U4ho ++9+EtH7PpuoC+uVv2rLv/Gb7stlGQGx32KmK2CfKED3PdNqoT7WRx6nvVjCk3i7afdUcxQxcS9td +5r80CB1bQEhS2sWLWB21PJrfMugWUJO5Bwz6u0es8dP+4FAHojIaF6iwB5ZYIuHGcEaOviHm4jOK +rrGMlLqTwuEhq2aVIP55u7XRV98JLs2hlE5DJOWCIsPxybUDiddFvR+yzi/4FimsxJlEmaQAQcki +uJ9DceVP03StPzFJSDRlqa4yF6xkZW5piNoANQ4MyI67V2Qf8g/L1UPYAi4hUMxQGo7Clw2hBRag +ZTm65Xc7+ovBYxl5YaXAmNoJbss34Lw8tdrn4EECAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNV +HQ4EFgQU+hQdFrOGuCDI+bbebssw9TL5FcYwHwYDVR0jBBgwFoAU+hQdFrOGuCDI+bbebssw9TL5 +FcYwDQYJKoZIhvcNAQELBQADggIBAGmyZHXddei/zUUMowiyi/MTtqXf9hKDEN4zhAXkuiuHxqA9 +Ii0J1Sxz2dd5NkqMmtePKYFSGA884yVm1KAne/uoCWj57IK3jswiRYnKhXa293DxA/K9wY27IGbp +ulSuuxbpjjV2tqGUuoNQGKX7Oy6s0GcibyZFc+LpD7ttGk5QoLC9qQdpXZgUv/yG2B99ERSXLCaL +EWMNP/oVZQOCQGfsFM1fPLn3X0ZuCOQg9bljxFf3jTl+H6PIAhpCjKeeUQYLc41eQkCyR/f67aRB +GvO4YDpXLn9eH23B+26rjPyFiVtMJ/jJZ7UEPeJ3XBj1COS/X7p9gGRS5rtfr9z7XxuMxvG0JU9U +XA+bMfOOfCqflvw6IyUg+oxjBFIhgiP4fxna51+BqpctvB0OeRwUm6y4nN06AwqtD8SteQrEn0b0 +IDWOKlVeh0lJWrDDEHr55dXSF+CbOPUDmMxmGoulOEOy/qSWIQi8BfvdX+e88CmracNRYVffLuQj +pRYN3TeiCJd+6/X9/x1Q8VLW7vOAb6uRyE2lOjX40DYBxK3xSq6J7Vp38f6z0vtQm2sAAQ4xqqon +A9tB5p+nJlYHgSxXOZx3C13Rs/eMmiGCKkSpCTnGCgBC7PfJDdMK6SLw5Gn4oyGoZo4fXbADuHrU +0JD1T1qdCm3aUSEmFgEA4rOL/0K3 +-----END CERTIFICATE----- diff --git a/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem new file mode 100644 index 0000000..0e7c9ed --- /dev/null +++ b/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIF1TCCA72gAwIBAgIVALSpAFqvtr1ntTS7YgB0Y5R6WqEtMA0GCSqGSIb3DQEBCwUAMHoxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw +EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEWMBQGA1UEAwwNY29tX3FvcnZv +X3V3YjAgFw0yMTA1MDQwNTAyMDlaGA8yMDUxMDUwNDA1MDIwOVowejELMAkGA1UEBhMCVVMxEzAR +BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dvb2ds +ZSBJbmMuMRAwDgYDVQQLEwdBbmRyb2lkMRYwFAYDVQQDDA1jb21fcW9ydm9fdXdiMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyoe1/UDAyMZd5iWqaKPDKN0cCESsWBTTkuLFpzMfcTEa +IyMORaIYriuAxvWhNzidPQvvRPyw0XQbl7GZLjXLF004G5xPTXFHIdtWv/scuC53INqTerppcHeW +fP4hfJPbZMQNcDB9EHa2bhA0wPdfoJD4cz8T7sgQcbRirdR8KoiOVWYe5UTSdk0df2IbiMZav2DJ +KhFql323emi4QHoDeUMAYy35mTh5vhfJ8NrCRAUwMh0zlw6LwZw/Dr8AbzDXl4Mo6Ij2pTn3/1zW +BPNkJonvONiMvuUUDl6LnP/41qhxYSg9RBp3wBJLknmfD/hEaXxTSLdkJyF43t61sU12mDQbLu4s +ZoiQKeKMJ0VpC56gUzkpnx3pzusq+/bAlTXf8Tfqrm7nizwR/69kntNYp8iaUJnvQQzlChc2lg2X +QNzf6zShPptpPqJIgmWawH6DL8JPHgkpguWyz47dWHCLnTfp8miEZPrQkPKL13SCMYCwxmlNYNWG +gUFPX5UJfnNVH4y2gPpXssROyKQKp/ArZkWb2zURrC1RUvNFADvvFt+hb2iXXVnfVeEtKAkSdhOj +RHwXhc/EtraSMMYUeO/uhUiPmPFR0FVLxCIm6i91/xqgWhKgRN0uatornO3lSNgzk4c7b0JCncEn +iArWJ516/nqWIvEdYjcqIBDAdSx8S1sCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU +EGKtCMO6w0UKLbAmd/laZERZZrkwHwYDVR0jBBgwFoAUEGKtCMO6w0UKLbAmd/laZERZZrkwDQYJ +KoZIhvcNAQELBQADggIBAIRowmuGiFeZdyDsbYi0iYISNW2HID4uLM3Pp8CEx5swlntJu1Z19R9t +fzzY9lvcMgdbdVJYnGrHzUGUCVqbhfDH7GxP9ybg1QUqYxi6AvZU3wrRqjoUoDw7HlecNBXFZI6z +0f2J3XSzST3kq5lCuUaEKGHkU8jVgwqVGMcz1foLGzBXQhMgIKl966c5DWoXsLToBCXrNgDokkHe +cj9tI1ufsWrSxl5/AT0/DMjHkcBmZk78RiTcGJtSZU8YwqNIQa+U2hpDE34iy2LC6YEqMKggjCm0 +6nOBbIH0EXnrr0iBX3YJmDM8O4a9eDpI7FSjabPx9YvfQne08pNwYkExOMafibyAwt7Du0cpxNkg +NE3xeDZ+TVr+4I10HF1gKpJ+rQsBOIYVTWLKATO4TMQxLNLY9oy2gt12PcsCdkOIThX4bAHXq1eY +ulAxoA7Hba2xq/wnh2JH5VZIjz3yZBJXX/GyFeHkqv7wFRVrx4DjZC1s5uTdqDh6y8pfM49w9/Zp +BKtz5B+37bC9FmM+ux39MElqx+kbsITzBDtDWa2Q8onWQR0R4WHI43n1mJSvW4cdR6Xf/a1msPXh +NHc3XCJYq4WvlMuXWEGVka20LPJXIjiuU3sB088YpjAG1+roSn//CL8N9iDWHCRXy+UKElIbhWLz +lHV8gmlwBAuAx9ITcTJr +-----END CERTIFICATE----- diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te new file mode 100644 index 0000000..c45efc2 --- /dev/null +++ b/legacy/whitechapel_pro/device.te @@ -0,0 +1,9 @@ +type sda_block_device, dev_type; +type sg_device, dev_type; +type vendor_toe_device, dev_type; +type lwis_device, dev_type; +type rls_device, dev_type; + +# Raw HID device +type hidraw_device, dev_type; + diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te new file mode 100644 index 0000000..38d3dc8 --- /dev/null +++ b/legacy/whitechapel_pro/file.te @@ -0,0 +1,36 @@ +# Data +type updated_wifi_firmware_data_file, file_type, data_file_type; +type tcpdump_vendor_data_file, file_type, data_file_type; +type vendor_misc_data_file, file_type, data_file_type; +type per_boot_file, file_type, data_file_type, core_data_file_type; +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; +type powerstats_vendor_data_file, file_type, data_file_type; +type sensor_debug_data_file, file_type, data_file_type; +userdebug_or_eng(` + typeattribute tcpdump_vendor_data_file mlstrustedobject; +') + +# sysfs +type bootdevice_sysdev, dev_type; +type sysfs_wifi, sysfs_type, fs_type; +type sysfs_bcmdhd, sysfs_type, fs_type; +type sysfs_chargelevel, sysfs_type, fs_type; +type sysfs_camera, sysfs_type, fs_type; + +# debugfs +type vendor_regmap_debugfs, fs_type, debugfs_type; + +# persist +type persist_ss_file, file_type, vendor_persist_type; +type persist_uwb_file, file_type, vendor_persist_type; + +# Storage Health HAL +type proc_f2fs, proc_type, fs_type; + +# Vendor tools +type vendor_dumpsys, vendor_file_type, file_type; + +# USB-C throttling stats +type sysfs_usbc_throttling_stats, sysfs_type, fs_type; + diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts new file mode 100644 index 0000000..ea564ed --- /dev/null +++ b/legacy/whitechapel_pro/file_contexts @@ -0,0 +1,56 @@ +# Binaries +/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 +/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 + +# Vendor libraries +/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 + +# Graphics +/vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 + +# Devices +/dev/ttySAC0 u:object_r:tty_device:s0 +/dev/bigwave u:object_r:video_device:s0 +/dev/watchdog0 u:object_r:watchdog_device:s0 +/dev/dri/card0 u:object_r:graphics_device:s0 +/dev/fimg2d u:object_r:graphics_device:s0 +/dev/g2d u:object_r:graphics_device:s0 +/dev/dit2 u:object_r:vendor_toe_device:s0 +/dev/sg1 u:object_r:sg_device:s0 +/dev/st21nfc u:object_r:nfc_device:s0 +/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 +/dev/socket/chre u:object_r:chre_socket:s0 +/dev/block/sda u:object_r:sda_block_device:s0 + +# Data +/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 +/data/nfc(/.*)? u:object_r:nfc_data_file:s0 +/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 +/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 +/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 +/data/per_boot(/.*)? u:object_r:per_boot_file:s0 +/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +/dev/battery_history u:object_r:battery_history_device:s0 +/data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 + +# Persist +/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 + +# Raw HID device +/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts new file mode 100644 index 0000000..dccae4e --- /dev/null +++ b/legacy/whitechapel_pro/genfs_contexts @@ -0,0 +1,78 @@ +genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 +genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0 + +# tracefs +genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0 + +# WiFi +genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 + +# Broadcom +genfscon sysfs /module/bcmdhd4389 u:object_r:sysfs_bcmdhd:s0 + +# GPU +genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/power_policy u:object_r:sysfs_gpu:s0 + +# Fabric +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0 + +# sscoredump (per device) +genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 + +# Storage +genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 +genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0 + +# debugfs +genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 + +# Haptics +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 +genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 + +# Thermal +genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100a0000.BIG u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100a0000.ISP u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100b0000.G3D u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0 + +genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 + +genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0 + +# Camera +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 + +# USB-C throttling stats +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0 + +# Coresight ETM +genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2ba40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bb40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bc40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0 + diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf new file mode 100644 index 0000000..76ea843 --- /dev/null +++ b/legacy/whitechapel_pro/keys.conf @@ -0,0 +1,5 @@ +[@UWB] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/whitechapel_pro/mac_permissions.xml b/legacy/whitechapel_pro/mac_permissions.xml new file mode 100644 index 0000000..956da95 --- /dev/null +++ b/legacy/whitechapel_pro/mac_permissions.xml @@ -0,0 +1,30 @@ + + + + + + + + + + + + diff --git a/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te new file mode 100644 index 0000000..e3a8d4b --- /dev/null +++ b/legacy/whitechapel_pro/property.te @@ -0,0 +1,17 @@ +vendor_internal_prop(vendor_nfc_prop) +vendor_internal_prop(vendor_secure_element_prop) +vendor_internal_prop(vendor_battery_profile_prop) +vendor_internal_prop(vendor_camera_prop) +vendor_internal_prop(vendor_camera_fatp_prop) +vendor_internal_prop(vendor_ro_sys_default_prop) +vendor_internal_prop(vendor_persist_sys_default_prop) +vendor_internal_prop(vendor_display_prop) + +# UWB calibration +system_vendor_config_prop(vendor_uwb_calibration_prop) + +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) + +# Mali Integration +vendor_public_prop(vendor_arm_runtime_option_prop) diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts new file mode 100644 index 0000000..6faf239 --- /dev/null +++ b/legacy/whitechapel_pro/property_contexts @@ -0,0 +1,25 @@ +# test battery profile +persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0 + +# NFC +persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 + +# SecureElement +persist.vendor.se. u:object_r:vendor_secure_element_prop:s0 + +# for display +ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 +persist.vendor.display. u:object_r:vendor_display_prop:s0 + +# vendor default +ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0 +persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0 + +#uwb +ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 + +# Mali GPU driver configuration and debug options +vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix diff --git a/legacy/whitechapel_pro/service.te b/legacy/whitechapel_pro/service.te new file mode 100644 index 0000000..21f7c51 --- /dev/null +++ b/legacy/whitechapel_pro/service.te @@ -0,0 +1 @@ +type hal_uwb_vendor_service, service_manager_type, hal_service_type; diff --git a/legacy/whitechapel_pro/service_contexts b/legacy/whitechapel_pro/service_contexts new file mode 100644 index 0000000..d4777d1 --- /dev/null +++ b/legacy/whitechapel_pro/service_contexts @@ -0,0 +1 @@ +hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 diff --git a/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros new file mode 100644 index 0000000..01ac13c --- /dev/null +++ b/legacy/whitechapel_pro/te_macros @@ -0,0 +1,14 @@ +# +# USF SELinux type enforcement macros. +# + +# +# usf_low_latency_transport(domain) +# +# Allows domain use of the USF low latency transport. +# +define(`usf_low_latency_transport', ` + allow $1 hal_graphics_mapper_hwservice:hwservice_manager find; + hal_client_domain($1, hal_graphics_allocator) +') + diff --git a/legacy/whitechapel_pro/vndservice.te b/legacy/whitechapel_pro/vndservice.te new file mode 100644 index 0000000..4c4dd7a --- /dev/null +++ b/legacy/whitechapel_pro/vndservice.te @@ -0,0 +1 @@ +type rls_service, vndservice_manager_type; diff --git a/legacy/whitechapel_pro/vndservice_contexts b/legacy/whitechapel_pro/vndservice_contexts new file mode 100644 index 0000000..66cab48 --- /dev/null +++ b/legacy/whitechapel_pro/vndservice_contexts @@ -0,0 +1 @@ +rlsservice u:object_r:rls_service:s0 diff --git a/private/odrefresh.te b/private/odrefresh.te new file mode 100644 index 0000000..83b1e63 --- /dev/null +++ b/private/odrefresh.te @@ -0,0 +1,4 @@ +userdebug_or_eng(` + permissive odrefresh; + dontaudit odrefresh property_type:file *; +') diff --git a/radio/bipchmgr.te b/radio/bipchmgr.te new file mode 100644 index 0000000..9298e32 --- /dev/null +++ b/radio/bipchmgr.te @@ -0,0 +1,9 @@ +type bipchmgr, domain; +type bipchmgr_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(bipchmgr) + +get_prop(bipchmgr, hwservicemanager_prop); + +allow bipchmgr hal_exynos_rild_hwservice:hwservice_manager find; +hwbinder_use(bipchmgr) +binder_call(bipchmgr, rild) diff --git a/radio/cat_engine_service_app.te b/radio/cat_engine_service_app.te new file mode 100644 index 0000000..eacf962 --- /dev/null +++ b/radio/cat_engine_service_app.te @@ -0,0 +1,8 @@ +type cat_engine_service_app, domain; + +userdebug_or_eng(` + app_domain(cat_engine_service_app) + get_prop(cat_engine_service_app, vendor_rild_prop) + allow cat_engine_service_app app_api_service:service_manager find; + allow cat_engine_service_app system_app_data_file:dir r_dir_perms; +') diff --git a/radio/cbd.te b/radio/cbd.te new file mode 100644 index 0000000..6827772 --- /dev/null +++ b/radio/cbd.te @@ -0,0 +1,60 @@ +type cbd, domain; +type cbd_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(cbd) + +set_prop(cbd, vendor_modem_prop) +set_prop(cbd, vendor_cbd_prop) +set_prop(cbd, vendor_rild_prop) + +allow cbd mnt_vendor_file:dir r_dir_perms; + +allow cbd kmsg_device:chr_file rw_file_perms; + +allow cbd vendor_shell_exec:file execute_no_trans; +allow cbd vendor_toolbox_exec:file execute_no_trans; + +# Allow cbd to access modem block device +allow cbd block_device:dir search; +allow cbd modem_block_device:blk_file r_file_perms; + +# Allow cbd to access sysfs chosen files +allow cbd sysfs_chosen:file r_file_perms; +allow cbd sysfs_chosen:dir r_dir_perms; + +allow cbd radio_device:chr_file rw_file_perms; + +allow cbd proc_cmdline:file r_file_perms; + +allow cbd persist_modem_file:dir create_dir_perms; +allow cbd persist_modem_file:file create_file_perms; +allow cbd persist_file:dir search; + +allow cbd radio_vendor_data_file:dir create_dir_perms; +allow cbd radio_vendor_data_file:file create_file_perms; + +# Allow cbd to operate with modem EFS file/dir +allow cbd modem_efs_file:dir create_dir_perms; +allow cbd modem_efs_file:file create_file_perms; + +# Allow cbd to operate with modem userdata file/dir +allow cbd modem_userdata_file:dir create_dir_perms; +allow cbd modem_userdata_file:file create_file_perms; + +# Allow cbd to access modem image file/dir +allow cbd modem_img_file:dir r_dir_perms; +allow cbd modem_img_file:file r_file_perms; +allow cbd modem_img_file:lnk_file r_file_perms; + +# Allow cbd to collect crash info +allow cbd sscoredump_vendor_data_crashinfo_file:dir create_dir_perms; +allow cbd sscoredump_vendor_data_crashinfo_file:file create_file_perms; + +userdebug_or_eng(` + r_dir_file(cbd, vendor_slog_file) + + allow cbd kernel:system syslog_read; + + allow cbd sscoredump_vendor_data_coredump_file:dir create_dir_perms; + allow cbd sscoredump_vendor_data_coredump_file:file create_file_perms; +') + diff --git a/radio/cbrs_setup.te b/radio/cbrs_setup.te new file mode 100644 index 0000000..1abbcff --- /dev/null +++ b/radio/cbrs_setup.te @@ -0,0 +1,13 @@ +# GoogleCBRS app +type cbrs_setup_app, domain; + +userdebug_or_eng(` + app_domain(cbrs_setup_app) + net_domain(cbrs_setup_app) + + allow cbrs_setup_app app_api_service:service_manager find; + allow cbrs_setup_app cameraserver_service:service_manager find; + allow cbrs_setup_app radio_service:service_manager find; + set_prop(cbrs_setup_app, radio_prop) + set_prop(cbrs_setup_app, vendor_rild_prop) +') diff --git a/radio/certs/com_google_mds.x509.pem b/radio/certs/com_google_mds.x509.pem new file mode 100644 index 0000000..640c6fb --- /dev/null +++ b/radio/certs/com_google_mds.x509.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIF1TCCA72gAwIBAgIVAPZ4KZV2jpxRBCoVAidCu62l3cDqMA0GCSqGSIb3DQEBCwUAMHsxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw +EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEXMBUGA1UEAwwOY29tX2dvb2ds +ZV9tZHMwHhcNMTkwNDIyMTQ1NzA1WhcNNDkwNDIyMTQ1NzA1WjB7MQswCQYDVQQGEwJVUzETMBEG +A1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEUMBIGA1UEChMLR29vZ2xl +IEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxFzAVBgNVBAMMDmNvbV9nb29nbGVfbWRzMIICIjANBgkq +hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqgNC0hhI3NzaPUllJfe01hCTuEpl35D02+DKJ5prPFxv +6KGTk6skjZOwV87Zf2pyj/cbnv28ioDjwvqMBe4ntFdKtH9gl2tTAVl69HMKXF4Iny/wnrt2mxzh +WxFUd5PuW+mWug+UQw/NGUuaf5d/yys/RrchHKM1+zBV6aOzH6BXiwDoOF2i43d5GlNQ/tFuMySW +LJftJN0QULFelxNDFFJZhw2P3c4opxjmF2yCoIiDfBEIhTZFKUbHX6YDLXmtUpXl35q+cxK4TCxP +URyzwdfiyheF3TTxagfzhvXNg/ifrY67S4qCGfzoEMPxrTz02gS0u3D6r/2+hl9vAJChLKDNdIs6 +TqIw+YnABrELiZLLFnaABnjQ7xC3xv1s3W6dWxaxnoVMtC1YvdgwhC5gSpJ4A+AGcCLv96hoeB1I +IoGV9Yt0Z97MFpXeHFpAxFZ1F9feBqwOCDbu50dmdKZvqGHZ4Ts3uy7ukDQ08dquHpT+NmqkmmW5 +GGhkuyZS3HHpU/QeVsZiyJCJBbDe5lz6NGXK56ruuF9ILeGHtldjQm40oYRc01ESScyVjSU0kpMO +C7hn1B7rKAm8xxG7eH04ieQrNnbbee7atOO4C3157W5CqujfLMeo6OCRVtcYkYIuSi8hIPNySu/q +OaEtEP4owVNZR0H6mCHy5pANsyBofMkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU +gk8pmLx8yP3RILwR5am1G10PBEowHwYDVR0jBBgwFoAUgk8pmLx8yP3RILwR5am1G10PBEowDQYJ +KoZIhvcNAQELBQADggIBAC9iQ1huo6CzjcsB1IIw3WYPYVfHtvG7fiB49QO6cjth8fxM36YOxnMz +K9Zh89cnFx7BeXG4MdbR3lAWO+wTbEpM/5azAQfqHB/ZEEAo1THtqS58C1bTwJ5zxkA+wL/x1ucT +EV0QZtPHC1K5nIV5FuICiJjui5FHfj2HYu2A5a5729rdZ7sL8Vgx6TUFKpEPs5iCrlx5X/E+/wJa +DM5iIjVvrGJJq0VWHHeDJEE+Sw1CDxWYRzvu1WvCvhk149hf4LlfrR0A5t8QJRGx0WwF10DLGgJx +7epMBpzhMIXc529FTIx4Rx2PcufjTZC9EN7PkLgVfYahWEkt/YIfV/0F6U6viLxdNC5O0pimSV57 +vT6HIthX1OC34eZca0cPqH1kOuhRDKOhbP4yIgdYX6knpvw8aXsYcyTfAmDyrt0EWffeBPedaxMo +xfijdlsBQUymviUQ8qBbfl1Ew9VoC+VEsiobK7Ubog0IK+82LQ7FOLMoNYnhk5wJ63i1kVvBVAgH +64PMME2KG//BwYFfKK6jUXibabyNke72+1Jr0xpw1BHJPxNJ8Q8yCBLF0wmXmFJSM+9lSDd10Bni +FJeMFMQ0T1Sf8GUSIxYYbMK5pDguRs+JOYkUID02ylJ3L6GAnxXCjGWzpdxw29/WWJc+qsYFEIbP +kKzTUNQHaaLHmcLK22Ht +-----END CERTIFICATE----- diff --git a/radio/device.te b/radio/device.te new file mode 100644 index 0000000..f3df48a --- /dev/null +++ b/radio/device.te @@ -0,0 +1,4 @@ +type modem_block_device, dev_type; +type vendor_gnss_device, dev_type; +type modem_userdata_block_device, dev_type; +type efs_block_device, dev_type; diff --git a/radio/dmd.te b/radio/dmd.te new file mode 100644 index 0000000..76177b5 --- /dev/null +++ b/radio/dmd.te @@ -0,0 +1,32 @@ +type dmd, domain; +type dmd_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(dmd) + +# Grant to access serial device for external logging tool +allow dmd serial_device:chr_file rw_file_perms; + +# Grant to access radio device +allow dmd radio_device:chr_file rw_file_perms; + +# Grant to access slog dir/file +allow dmd vendor_slog_file:dir create_dir_perms; +allow dmd vendor_slog_file:file create_file_perms; + +# Grant to access tcp socket +allow dmd node:tcp_socket node_bind; +allow dmd self:tcp_socket { create_socket_perms_no_ioctl listen accept bind }; + +# Grant to access log related properties +set_prop(dmd, vendor_diag_prop) +set_prop(dmd, vendor_slog_prop) +set_prop(dmd, vendor_modem_prop) +get_prop(dmd, vendor_persist_config_default_prop) + +# Grant to access hwservice manager +get_prop(dmd, hwservicemanager_prop) +allow dmd hidl_base_hwservice:hwservice_manager add; +allow dmd hal_vendor_oem_hwservice:hwservice_manager { add find }; +binder_call(dmd, hwservicemanager) +binder_call(dmd, modem_diagnostic_app) +binder_call(dmd, modem_logging_control) +binder_call(dmd, vendor_telephony_silentlogging_app) diff --git a/radio/file.te b/radio/file.te new file mode 100644 index 0000000..d8d253a --- /dev/null +++ b/radio/file.te @@ -0,0 +1,40 @@ +# Data +type rild_vendor_data_file, file_type, data_file_type; +type vendor_gps_file, file_type, data_file_type; +type modem_stat_data_file, file_type, data_file_type; +type vendor_log_file, file_type, data_file_type; +type vendor_rfsd_log_file, file_type, data_file_type; +type vendor_slog_file, file_type, data_file_type; +userdebug_or_eng(` + typeattribute vendor_gps_file mlstrustedobject; + typeattribute vendor_slog_file mlstrustedobject; +') + +# persist +type persist_modem_file, file_type, vendor_persist_type; + +# Modem +type modem_efs_file, file_type; +type modem_userdata_file, file_type; +type sysfs_modem, sysfs_type, fs_type; + +# Exynos Firmware +type vendor_fw_file, vendor_file_type, file_type; + +# vendor extra images +type modem_img_file, contextmount_type, file_type, vendor_file_type; +allow modem_img_file self:filesystem associate; +type modem_config_file, file_type, vendor_file_type; + +# sysfs +type sysfs_chosen, sysfs_type, fs_type; +type sysfs_sjtag, fs_type, sysfs_type; +userdebug_or_eng(` + typeattribute sysfs_sjtag mlstrustedobject; +') + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + diff --git a/radio/file_contexts b/radio/file_contexts new file mode 100644 index 0000000..82a519b --- /dev/null +++ b/radio/file_contexts @@ -0,0 +1,41 @@ +# Binaries +/vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0 +/vendor/bin/bipchmgr u:object_r:bipchmgr_exec:s0 +/vendor/bin/vcd u:object_r:vcd_exec:s0 +/vendor/bin/dmd u:object_r:dmd_exec:s0 +/vendor/bin/sced u:object_r:sced_exec:s0 +/vendor/bin/rfsd u:object_r:rfsd_exec:s0 +/vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0 +/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 +/vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0 +/vendor/bin/cbd u:object_r:cbd_exec:s0 +/vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 +/vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 + +# Config files +/vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 + +# Data +/data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 +/data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 +/data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0 +/data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 +/data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 + +# vendor extra images +/mnt/vendor/efs(/.*)? u:object_r:modem_efs_file:s0 +/mnt/vendor/efs_backup(/.*)? u:object_r:modem_efs_file:s0 +/mnt/vendor/modem_img(/.*)? u:object_r:modem_img_file:s0 +/mnt/vendor/modem_userdata(/.*)? u:object_r:modem_userdata_file:s0 +/mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 + +# Devices +/dev/ttyGS[0-3] u:object_r:serial_device:s0 +/dev/oem_ipc[0-7] u:object_r:radio_device:s0 +/dev/oem_test u:object_r:radio_device:s0 +/dev/umts_boot0 u:object_r:radio_device:s0 +/dev/umts_ipc0 u:object_r:radio_device:s0 +/dev/umts_ipc1 u:object_r:radio_device:s0 +/dev/umts_rfs0 u:object_r:radio_device:s0 +/dev/umts_dm0 u:object_r:radio_device:s0 +/dev/umts_router u:object_r:radio_device:s0 diff --git a/radio/fsck.te b/radio/fsck.te new file mode 100644 index 0000000..1095107 --- /dev/null +++ b/radio/fsck.te @@ -0,0 +1,4 @@ +allow fsck persist_block_device:blk_file rw_file_perms; +allow fsck efs_block_device:blk_file rw_file_perms; +allow fsck modem_userdata_block_device:blk_file rw_file_perms; + diff --git a/radio/genfs_contexts b/radio/genfs_contexts new file mode 100644 index 0000000..347e461 --- /dev/null +++ b/radio/genfs_contexts @@ -0,0 +1,11 @@ +# SJTAG +genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 +genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0 + +genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 + +# GPS +genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 + +# Modem +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 diff --git a/radio/gpsd.te b/radio/gpsd.te new file mode 100644 index 0000000..79bf4ca --- /dev/null +++ b/radio/gpsd.te @@ -0,0 +1,7 @@ +type gpsd, domain; +type gpsd_exec, vendor_file_type, exec_type, file_type; +# Allow gpsd access PixelLogger unix socket in debug build only +userdebug_or_eng(` + typeattribute gpsd mlstrustedsubject; + allow gpsd logger_app:unix_stream_socket connectto; +') diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te new file mode 100644 index 0000000..7809537 --- /dev/null +++ b/radio/grilservice_app.te @@ -0,0 +1,15 @@ +type grilservice_app, domain; +app_domain(grilservice_app) + +allow grilservice_app app_api_service:service_manager find; +allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow grilservice_app hal_radioext_hwservice:hwservice_manager find; +allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; +allow grilservice_app hal_wifi_ext_service:service_manager find; +allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find; +allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find; +binder_call(grilservice_app, hal_bluetooth_btlinux) +binder_call(grilservice_app, hal_radioext_default) +binder_call(grilservice_app, hal_wifi_ext) +binder_call(grilservice_app, hal_audiometricext_default) +binder_call(grilservice_app, rild) diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te new file mode 100644 index 0000000..bbdd2a0 --- /dev/null +++ b/radio/hal_radioext_default.te @@ -0,0 +1,21 @@ +type hal_radioext_default, domain; +type hal_radioext_default_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_radioext_default) + +hwbinder_use(hal_radioext_default) +get_prop(hal_radioext_default, hwservicemanager_prop) +add_hwservice(hal_radioext_default, hal_radioext_hwservice) + +binder_call(hal_radioext_default, servicemanager) +binder_call(hal_radioext_default, grilservice_app) +binder_call(hal_radioext_default, hal_bluetooth_btlinux) + +# RW /dev/oem_ipc0 +allow hal_radioext_default radio_device:chr_file rw_file_perms; + +# RW MIPI Freq files +allow hal_radioext_default radio_vendor_data_file:dir create_dir_perms; +allow hal_radioext_default radio_vendor_data_file:file create_file_perms; + +# Bluetooth +allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/radio/hwservice.te b/radio/hwservice.te new file mode 100644 index 0000000..19320cb --- /dev/null +++ b/radio/hwservice.te @@ -0,0 +1,9 @@ +# dmd servcie +type hal_vendor_oem_hwservice, hwservice_manager_type; + +# GRIL service +type hal_radioext_hwservice, hwservice_manager_type; + +# rild service +type hal_exynos_rild_hwservice, hwservice_manager_type; + diff --git a/radio/hwservice_contexts b/radio/hwservice_contexts new file mode 100644 index 0000000..6453a56 --- /dev/null +++ b/radio/hwservice_contexts @@ -0,0 +1,8 @@ +# dmd HAL +vendor.samsung_slsi.telephony.hardware.oemservice::IOemService u:object_r:hal_vendor_oem_hwservice:s0 + +# rild HAL +vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal u:object_r:hal_exynos_rild_hwservice:s0 + +# GRIL HAL +vendor.google.radioext::IRadioExt u:object_r:hal_radioext_hwservice:s0 diff --git a/radio/hwservicemanager.te b/radio/hwservicemanager.te new file mode 100644 index 0000000..7b64499 --- /dev/null +++ b/radio/hwservicemanager.te @@ -0,0 +1 @@ +binder_call(hwservicemanager, bipchmgr) diff --git a/radio/init.te b/radio/init.te new file mode 100644 index 0000000..eb9e465 --- /dev/null +++ b/radio/init.te @@ -0,0 +1,4 @@ +allow init modem_efs_file:dir mounton; +allow init modem_userdata_file:dir mounton; +allow init modem_img_file:dir mounton; +allow init modem_img_file:filesystem { getattr mount relabelfrom }; diff --git a/radio/init_radio.te b/radio/init_radio.te new file mode 100644 index 0000000..3a29edf --- /dev/null +++ b/radio/init_radio.te @@ -0,0 +1,8 @@ +type init_radio, domain; +type init_radio_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(init_radio); + +allow init_radio vendor_toolbox_exec:file execute_no_trans; +allow init_radio radio_vendor_data_file:dir create_dir_perms; +allow init_radio radio_vendor_data_file:file create_file_perms; diff --git a/radio/keys.conf b/radio/keys.conf new file mode 100644 index 0000000..4784c60 --- /dev/null +++ b/radio/keys.conf @@ -0,0 +1,3 @@ +[@MDS] +ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem + diff --git a/radio/logger_app.te b/radio/logger_app.te new file mode 100644 index 0000000..098955d --- /dev/null +++ b/radio/logger_app.te @@ -0,0 +1,27 @@ +userdebug_or_eng(` + allow logger_app vendor_gps_file:file create_file_perms; + allow logger_app vendor_gps_file:dir create_dir_perms; + allow logger_app vendor_slog_file:file {r_file_perms unlink}; + allow logger_app radio_vendor_data_file:file create_file_perms; + allow logger_app radio_vendor_data_file:dir create_dir_perms; + allow logger_app sysfs_sscoredump_level:file r_file_perms; + + r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) + r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) + + set_prop(logger_app, vendor_audio_prop) + set_prop(logger_app, vendor_gps_prop) + set_prop(logger_app, vendor_logger_prop) + set_prop(logger_app, vendor_modem_prop) + set_prop(logger_app, vendor_ramdump_prop) + set_prop(logger_app, vendor_rild_prop) + set_prop(logger_app, vendor_ssrdump_prop) + set_prop(logger_app, vendor_tcpdump_log_prop) + set_prop(logger_app, vendor_usb_config_prop) + set_prop(logger_app, vendor_wifi_sniffer_prop) + set_prop(logger_app, logpersistd_logging_prop) + set_prop(logger_app, logd_prop) + + # b/269383459 framework UI rendering properties + dontaudit logger_app default_prop:file { read }; +') diff --git a/radio/mac_permissions.xml b/radio/mac_permissions.xml new file mode 100644 index 0000000..4b997c2 --- /dev/null +++ b/radio/mac_permissions.xml @@ -0,0 +1,27 @@ + + + + + + + + + diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te new file mode 100644 index 0000000..8c4a0ca --- /dev/null +++ b/radio/modem_diagnostic_app.te @@ -0,0 +1,37 @@ +type modem_diagnostic_app, domain; + +app_domain(modem_diagnostic_app) +net_domain(modem_diagnostic_app) + +allow modem_diagnostic_app app_api_service:service_manager find; +allow modem_diagnostic_app radio_service:service_manager find; + +userdebug_or_eng(` + binder_call(modem_diagnostic_app, dmd) + + set_prop(modem_diagnostic_app, vendor_cbd_prop) + set_prop(modem_diagnostic_app, vendor_rild_prop) + set_prop(modem_diagnostic_app, vendor_modem_prop) + + allow modem_diagnostic_app sysfs_chosen:dir r_dir_perms; + allow modem_diagnostic_app sysfs_chosen:file r_file_perms; + + allow modem_diagnostic_app vendor_fw_file:file r_file_perms; + + allow modem_diagnostic_app radio_vendor_data_file:dir create_dir_perms; + allow modem_diagnostic_app radio_vendor_data_file:file create_file_perms; + + allow modem_diagnostic_app mnt_vendor_file:dir r_dir_perms; + allow modem_diagnostic_app mnt_vendor_file:file r_file_perms; + + allow modem_diagnostic_app modem_img_file:dir r_dir_perms; + allow modem_diagnostic_app modem_img_file:file r_file_perms; + allow modem_diagnostic_app modem_img_file:lnk_file r_file_perms; + + allow modem_diagnostic_app hal_vendor_oem_hwservice:hwservice_manager find; + + allow modem_diagnostic_app sysfs_batteryinfo:file r_file_perms; + allow modem_diagnostic_app sysfs_batteryinfo:dir search; + + dontaudit modem_diagnostic_app default_prop:file r_file_perms; +') diff --git a/radio/modem_logging_control.te b/radio/modem_logging_control.te new file mode 100644 index 0000000..7392297 --- /dev/null +++ b/radio/modem_logging_control.te @@ -0,0 +1,17 @@ +type modem_logging_control, domain; +type modem_logging_control_exec, vendor_file_type, exec_type, file_type; + +init_daemon_domain(modem_logging_control) + +hwbinder_use(modem_logging_control) +binder_call(modem_logging_control, dmd) + +allow modem_logging_control radio_device:chr_file rw_file_perms; +allow modem_logging_control hal_vendor_oem_hwservice:hwservice_manager find; +allow modem_logging_control radio_vendor_data_file:dir create_dir_perms; +allow modem_logging_control radio_vendor_data_file:file create_file_perms; +allow modem_logging_control vendor_slog_file:dir create_dir_perms; +allow modem_logging_control vendor_slog_file:file create_file_perms; + +set_prop(modem_logging_control, vendor_modem_prop) +get_prop(modem_logging_control, hwservicemanager_prop) diff --git a/radio/modem_ml_svc_sit.te b/radio/modem_ml_svc_sit.te new file mode 100644 index 0000000..e742dbf --- /dev/null +++ b/radio/modem_ml_svc_sit.te @@ -0,0 +1,22 @@ +type modem_ml_svc_sit, domain; +type modem_ml_svc_sit_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(modem_ml_svc_sit) + +binder_use(modem_ml_svc_sit) + +# Grant radio device access +allow modem_ml_svc_sit radio_device:chr_file rw_file_perms; + +# Grant vendor radio and modem file/dir creation permission +allow modem_ml_svc_sit radio_vendor_data_file:dir create_dir_perms; +allow modem_ml_svc_sit radio_vendor_data_file:file create_file_perms; + +# Grant modem ml models config files access +allow modem_ml_svc_sit modem_config_file:file r_file_perms; + +# RIL property +get_prop(modem_ml_svc_sit, vendor_rild_prop) + +# Access to NNAPI service +hal_client_domain(modem_ml_svc_sit, hal_neuralnetworks) +allow modem_ml_svc_sit edgetpu_nnapi_service:service_manager find; diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te new file mode 100644 index 0000000..3b8b55e --- /dev/null +++ b/radio/modem_svc_sit.te @@ -0,0 +1,35 @@ +type modem_svc_sit, domain; +type modem_svc_sit_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(modem_svc_sit) + +hwbinder_use(modem_svc_sit) +binder_call(modem_svc_sit, rild) + +# Grant sysfs_modem access +allow modem_svc_sit sysfs_modem:file rw_file_perms; + +# Grant radio device access +allow modem_svc_sit radio_device:chr_file rw_file_perms; + +# Grant vendor radio and modem file/dir creation permission +allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms; +allow modem_svc_sit radio_vendor_data_file:file create_file_perms; +allow modem_svc_sit modem_stat_data_file:dir create_dir_perms; +allow modem_svc_sit modem_stat_data_file:file create_file_perms; + +allow modem_svc_sit vendor_fw_file:dir search; +allow modem_svc_sit vendor_fw_file:file r_file_perms; + +allow modem_svc_sit mnt_vendor_file:dir search; +allow modem_svc_sit modem_userdata_file:dir create_dir_perms; +allow modem_svc_sit modem_userdata_file:file create_file_perms; + +# RIL property +get_prop(modem_svc_sit, vendor_rild_prop) + +# Modem property +set_prop(modem_svc_sit, vendor_modem_prop) + +# hwservice permission +allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; +get_prop(modem_svc_sit, hwservicemanager_prop) diff --git a/radio/oemrilservice_app.te b/radio/oemrilservice_app.te new file mode 100644 index 0000000..b055dbe --- /dev/null +++ b/radio/oemrilservice_app.te @@ -0,0 +1,9 @@ +type oemrilservice_app, domain; +app_domain(oemrilservice_app) + +allow oemrilservice_app app_api_service:service_manager find; +allow oemrilservice_app hal_exynos_rild_hwservice:hwservice_manager find; +allow oemrilservice_app radio_service:service_manager find; + +binder_call(oemrilservice_app, rild) +set_prop(oemrilservice_app, vendor_rild_prop) diff --git a/radio/private/radio.te b/radio/private/radio.te new file mode 100644 index 0000000..a569b9c --- /dev/null +++ b/radio/private/radio.te @@ -0,0 +1 @@ +add_service(radio, uce_service) diff --git a/radio/private/service_contexts b/radio/private/service_contexts new file mode 100644 index 0000000..84ef341 --- /dev/null +++ b/radio/private/service_contexts @@ -0,0 +1,2 @@ +telephony.oem.oemrilhook u:object_r:radio_service:s0 + diff --git a/radio/property.te b/radio/property.te new file mode 100644 index 0000000..b2027e5 --- /dev/null +++ b/radio/property.te @@ -0,0 +1,16 @@ +vendor_internal_prop(vendor_carrier_prop) +vendor_internal_prop(vendor_cbd_prop) +vendor_internal_prop(vendor_slog_prop) +vendor_internal_prop(vendor_persist_config_default_prop) +vendor_internal_prop(vendor_diag_prop) +vendor_internal_prop(vendor_modem_prop) +vendor_internal_prop(vendor_rild_prop) +vendor_internal_prop(vendor_ssrdump_prop) +vendor_internal_prop(vendor_wifi_version) +vendor_internal_prop(vendor_imssvc_prop) +vendor_internal_prop(vendor_gps_prop) +vendor_internal_prop(vendor_logger_prop) +vendor_internal_prop(vendor_tcpdump_log_prop) + +# Telephony debug app +vendor_internal_prop(vendor_telephony_app_prop) diff --git a/radio/property_contexts b/radio/property_contexts new file mode 100644 index 0000000..602b411 --- /dev/null +++ b/radio/property_contexts @@ -0,0 +1,59 @@ +# for cbd +vendor.cbd. u:object_r:vendor_cbd_prop:s0 +persist.vendor.cbd. u:object_r:vendor_cbd_prop:s0 + +# for ims service +persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0 + +# for slog +vendor.sys.silentlog. u:object_r:vendor_slog_prop:s0 +vendor.sys.exynos.slog. u:object_r:vendor_slog_prop:s0 +persist.vendor.sys.silentlog u:object_r:vendor_slog_prop:s0 + +# for dmd +persist.vendor.sys.dm. u:object_r:vendor_diag_prop:s0 +persist.vendor.sys.diag. u:object_r:vendor_diag_prop:s0 +vendor.sys.dmd. u:object_r:vendor_diag_prop:s0 +vendor.sys.diag. u:object_r:vendor_diag_prop:s0 +persist.vendor.config. u:object_r:vendor_persist_config_default_prop:s0 + +# for logger app +vendor.pixellogger. u:object_r:vendor_logger_prop:s0 +persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0 +persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0 + +# Modem +persist.vendor.modem. u:object_r:vendor_modem_prop:s0 +vendor.modem. u:object_r:vendor_modem_prop:s0 +vendor.sys.modem. u:object_r:vendor_modem_prop:s0 +vendor.sys.modem_reset u:object_r:vendor_modem_prop:s0 +ro.vendor.sys.modem. u:object_r:vendor_modem_prop:s0 +vendor.sys.exynos.modempath u:object_r:vendor_modem_prop:s0 +persist.vendor.sys.modem. u:object_r:vendor_modem_prop:s0 + +# for rild +persist.vendor.ril. u:object_r:vendor_rild_prop:s0 +vendor.ril. u:object_r:vendor_rild_prop:s0 +vendor.radio. u:object_r:vendor_rild_prop:s0 +vendor.sys.rild_reset u:object_r:vendor_rild_prop:s0 +persist.vendor.radio. u:object_r:vendor_rild_prop:s0 +ro.vendor.config.build_carrier u:object_r:vendor_carrier_prop:s0 + +# SSR Detector +vendor.debug.ssrdump. u:object_r:vendor_ssrdump_prop:s0 +persist.vendor.sys.ssr. u:object_r:vendor_ssrdump_prop:s0 + +# WiFi +vendor.wlan.driver.version u:object_r:vendor_wifi_version:s0 +vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0 + +# for vendor telephony debug app +vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0 + +# for gps +vendor.gps. u:object_r:vendor_gps_prop:s0 +persist.vendor.gps. u:object_r:vendor_gps_prop:s0 + +# Tcpdump_logger +persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 +vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 diff --git a/radio/radio.te b/radio/radio.te new file mode 100644 index 0000000..5d13273 --- /dev/null +++ b/radio/radio.te @@ -0,0 +1,6 @@ +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; +allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; +allow radio aoc_device:chr_file rw_file_perms; +allow radio hal_audio_ext_hwservice:hwservice_manager find; +binder_call(radio, hal_audio_default) diff --git a/radio/rfsd.te b/radio/rfsd.te new file mode 100644 index 0000000..898e7fc --- /dev/null +++ b/radio/rfsd.te @@ -0,0 +1,36 @@ +type rfsd, domain; +type rfsd_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(rfsd) + +# Allow to search block device and mnt dir for modem EFS partitions +allow rfsd mnt_vendor_file:dir search; +allow rfsd block_device:dir search; + +# Allow to operate with modem EFS file/dir +allow rfsd modem_efs_file:dir create_dir_perms; +allow rfsd modem_efs_file:file create_file_perms; + +allow rfsd radio_vendor_data_file:dir r_dir_perms; +allow rfsd radio_vendor_data_file:file r_file_perms; + +r_dir_file(rfsd, vendor_fw_file) + +# Allow to access rfsd log file/dir +allow rfsd vendor_log_file:dir search; +allow rfsd vendor_rfsd_log_file:dir create_dir_perms; +allow rfsd vendor_rfsd_log_file:file create_file_perms; + +# Allow to read/write modem block device +allow rfsd modem_block_device:blk_file rw_file_perms; + +# Allow to operate with radio device +allow rfsd radio_device:chr_file rw_file_perms; + +# Allow to set rild and modem property +set_prop(rfsd, vendor_modem_prop) +set_prop(rfsd, vendor_rild_prop) + +# Allow rfsd to access modem image file/dir +allow rfsd modem_img_file:dir r_dir_perms; +allow rfsd modem_img_file:file r_file_perms; +allow rfsd modem_img_file:lnk_file r_file_perms; diff --git a/radio/rild.te b/radio/rild.te new file mode 100644 index 0000000..a82e135 --- /dev/null +++ b/radio/rild.te @@ -0,0 +1,40 @@ +set_prop(rild, vendor_rild_prop) +set_prop(rild, vendor_modem_prop) +get_prop(rild, vendor_persist_config_default_prop) +get_prop(rild, vendor_carrier_prop) + +get_prop(rild, sota_prop) +get_prop(rild, system_boot_reason_prop) + +allow rild proc_net:file rw_file_perms; +allow rild radio_vendor_data_file:dir create_dir_perms; +allow rild radio_vendor_data_file:file create_file_perms; +allow rild rild_vendor_data_file:dir create_dir_perms; +allow rild rild_vendor_data_file:file create_file_perms; +allow rild vendor_fw_file:file r_file_perms; +allow rild mnt_vendor_file:dir r_dir_perms; + +r_dir_file(rild, modem_img_file) + +binder_call(rild, bipchmgr) +binder_call(rild, gpsd) +binder_call(rild, hal_audio_default) +binder_call(rild, modem_svc_sit) +binder_call(rild, vendor_ims_app) +binder_call(rild, vendor_rcs_app) +binder_call(rild, oemrilservice_app) +binder_call(rild, hal_secure_element_uicc) +binder_call(rild, grilservice_app) +binder_call(rild, vendor_engineermode_app) +binder_call(rild, vendor_telephony_debug_app) +binder_call(rild, logger_app) + +crash_dump_fallback(rild) + +# for hal service +add_hwservice(rild, hal_exynos_rild_hwservice) + +# Allow rild to access files on modem img. +allow rild modem_img_file:dir r_dir_perms; +allow rild modem_img_file:file r_file_perms; +allow rild modem_img_file:lnk_file r_file_perms; diff --git a/radio/sced.te b/radio/sced.te new file mode 100644 index 0000000..2b08973 --- /dev/null +++ b/radio/sced.te @@ -0,0 +1,23 @@ +type sced, domain; +type sced_exec, vendor_file_type, exec_type, file_type; + +userdebug_or_eng(` + init_daemon_domain(sced) + typeattribute sced vendor_executes_system_violators; + + hwbinder_use(sced) + binder_call(sced, dmd) + binder_call(sced, vendor_telephony_silentlogging_app) + + get_prop(sced, hwservicemanager_prop) + allow sced self:packet_socket create_socket_perms_no_ioctl; + + allow sced self:capability net_raw; + allow sced shell_exec:file rx_file_perms; + allow sced tcpdump_exec:file rx_file_perms; + allow sced vendor_shell_exec:file x_file_perms; + allow sced vendor_slog_file:dir create_dir_perms; + allow sced vendor_slog_file:file create_file_perms; + allow sced hidl_base_hwservice:hwservice_manager add; + allow sced hal_vendor_oem_hwservice:hwservice_manager { add find }; +') diff --git a/radio/seapp_contexts b/radio/seapp_contexts new file mode 100644 index 0000000..9e74853 --- /dev/null +++ b/radio/seapp_contexts @@ -0,0 +1,30 @@ +# Sub System Ramdump +user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user + +# CBRS setup app +user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user + +# Modem Diagnostic System +user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user + +# grilservice +user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all + +# exynos apps +user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all +user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all +user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all +user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all + +# slsi logging apps +user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging domain=vendor_telephony_silentlogging_app levelFrom=all +user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging:remote domain=vendor_silentlogging_remote_app levelFrom=all +user=system seinfo=platform name=com.samsung.slsi.sysdebugmode domain=vendor_telephony_debug_app levelFrom=all +user=system seinfo=platform name=com.samsung.slsi.telephony.testmode domain=vendor_telephony_test_app levelFrom=all + +# Samsung S.LSI engineer mode +user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all + +# Domain for CatEngineService +user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all + diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te new file mode 100644 index 0000000..2caf6d7 --- /dev/null +++ b/radio/ssr_detector.te @@ -0,0 +1,24 @@ +type ssr_detector_app, domain; + +app_domain(ssr_detector_app) +allow ssr_detector_app app_api_service:service_manager find; +allow ssr_detector_app radio_service:service_manager find; + +allow ssr_detector_app system_app_data_file:dir create_dir_perms; +allow ssr_detector_app system_app_data_file:file create_file_perms; + +allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; +allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; +userdebug_or_eng(` + allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; + allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; + get_prop(ssr_detector_app, vendor_aoc_prop) + allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; + allow ssr_detector_app sysfs_sjtag:file rw_file_perms; + allow ssr_detector_app proc_vendor_sched:dir search; + allow ssr_detector_app proc_vendor_sched:file rw_file_perms; + allow ssr_detector_app cgroup:file write; +') + +get_prop(ssr_detector_app, vendor_ssrdump_prop) +get_prop(ssr_detector_app, vendor_wifi_version) diff --git a/radio/vcd.te b/radio/vcd.te new file mode 100644 index 0000000..c5c229e --- /dev/null +++ b/radio/vcd.te @@ -0,0 +1,13 @@ +type vcd, domain; +type vcd_exec, vendor_file_type, exec_type, file_type; +userdebug_or_eng(` + init_daemon_domain(vcd) + + get_prop(vcd, vendor_rild_prop); + get_prop(vcd, vendor_persist_config_default_prop); + + allow vcd serial_device:chr_file rw_file_perms; + allow vcd radio_device:chr_file rw_file_perms; + allow vcd self:tcp_socket { create_socket_perms_no_ioctl listen accept }; + allow vcd node:tcp_socket node_bind; +') diff --git a/radio/vendor_engineermode_app.te b/radio/vendor_engineermode_app.te new file mode 100644 index 0000000..d35403a --- /dev/null +++ b/radio/vendor_engineermode_app.te @@ -0,0 +1,12 @@ +type vendor_engineermode_app, domain; +app_domain(vendor_engineermode_app) + +binder_call(vendor_engineermode_app, rild) + +allow vendor_engineermode_app app_api_service:service_manager find; +allow vendor_engineermode_app hal_exynos_rild_hwservice:hwservice_manager find; + +userdebug_or_eng(` + dontaudit vendor_engineermode_app default_prop:file r_file_perms; +') + diff --git a/radio/vendor_ims_app.te b/radio/vendor_ims_app.te new file mode 100644 index 0000000..ed65eae --- /dev/null +++ b/radio/vendor_ims_app.te @@ -0,0 +1,20 @@ +type vendor_ims_app, domain; +app_domain(vendor_ims_app) +net_domain(vendor_ims_app) + +allow vendor_ims_app app_api_service:service_manager find; +allow vendor_ims_app audioserver_service:service_manager find; + +allow vendor_ims_app hal_exynos_rild_hwservice:hwservice_manager find; +allow vendor_ims_app radio_service:service_manager find; + +allow vendor_ims_app mediaserver_service:service_manager find; +allow vendor_ims_app cameraserver_service:service_manager find; +allow vendor_ims_app mediametrics_service:service_manager find; + +allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; + +binder_call(vendor_ims_app, rild) +set_prop(vendor_ims_app, vendor_rild_prop) +set_prop(vendor_ims_app, radio_prop) +get_prop(vendor_ims_app, vendor_imssvc_prop) diff --git a/radio/vendor_init.te b/radio/vendor_init.te new file mode 100644 index 0000000..ed6f530 --- /dev/null +++ b/radio/vendor_init.te @@ -0,0 +1,6 @@ +set_prop(vendor_init, vendor_cbd_prop) +set_prop(vendor_init, vendor_carrier_prop) +set_prop(vendor_init, vendor_modem_prop) +set_prop(vendor_init, vendor_rild_prop) +set_prop(vendor_init, vendor_logger_prop) +set_prop(vendor_init, vendor_slog_prop) diff --git a/radio/vendor_qualifiednetworks_app.te b/radio/vendor_qualifiednetworks_app.te new file mode 100644 index 0000000..e48601a --- /dev/null +++ b/radio/vendor_qualifiednetworks_app.te @@ -0,0 +1,5 @@ +type vendor_qualifiednetworks_app, domain; +app_domain(vendor_qualifiednetworks_app) + +allow vendor_qualifiednetworks_app app_api_service:service_manager find; +allow vendor_qualifiednetworks_app radio_service:service_manager find; diff --git a/radio/vendor_rcs_app.te b/radio/vendor_rcs_app.te new file mode 100644 index 0000000..37cadef --- /dev/null +++ b/radio/vendor_rcs_app.te @@ -0,0 +1,9 @@ +type vendor_rcs_app, domain; +app_domain(vendor_rcs_app) +net_domain(vendor_rcs_app) + +allow vendor_rcs_app app_api_service:service_manager find; +allow vendor_rcs_app radio_service:service_manager find; +allow vendor_rcs_app hal_exynos_rild_hwservice:hwservice_manager find; + +binder_call(vendor_rcs_app, rild) diff --git a/radio/vendor_silentlogging_remote_app.te b/radio/vendor_silentlogging_remote_app.te new file mode 100644 index 0000000..885fb6a --- /dev/null +++ b/radio/vendor_silentlogging_remote_app.te @@ -0,0 +1,13 @@ +type vendor_silentlogging_remote_app, domain; +app_domain(vendor_silentlogging_remote_app) + +allow vendor_silentlogging_remote_app vendor_slog_file:dir create_dir_perms; +allow vendor_silentlogging_remote_app vendor_slog_file:file create_file_perms; + +allow vendor_silentlogging_remote_app app_api_service:service_manager find; + +userdebug_or_eng(` +# Silent Logging Remote +dontaudit vendor_silentlogging_remote_app system_app_data_file:dir create_dir_perms; +dontaudit vendor_silentlogging_remote_app system_app_data_file:file create_file_perms; +') diff --git a/radio/vendor_telephony_debug_app.te b/radio/vendor_telephony_debug_app.te new file mode 100644 index 0000000..539fffc --- /dev/null +++ b/radio/vendor_telephony_debug_app.te @@ -0,0 +1,20 @@ +type vendor_telephony_debug_app, domain; +app_domain(vendor_telephony_debug_app) + +allow vendor_telephony_debug_app app_api_service:service_manager find; +allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find; + +binder_call(vendor_telephony_debug_app, rild) + +# RIL property +set_prop(vendor_telephony_debug_app, vendor_rild_prop) + +# Debug property +set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop) + +userdebug_or_eng(` +# System Debug Mode +dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms; +dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms; +dontaudit vendor_telephony_debug_app default_prop:file r_file_perms; +') diff --git a/radio/vendor_telephony_silentlogging_app.te b/radio/vendor_telephony_silentlogging_app.te new file mode 100644 index 0000000..583f408 --- /dev/null +++ b/radio/vendor_telephony_silentlogging_app.te @@ -0,0 +1,21 @@ +type vendor_telephony_silentlogging_app, domain; +app_domain(vendor_telephony_silentlogging_app) + +set_prop(vendor_telephony_silentlogging_app, vendor_modem_prop) +set_prop(vendor_telephony_silentlogging_app, vendor_slog_prop) + +allow vendor_telephony_silentlogging_app vendor_slog_file:dir create_dir_perms; +allow vendor_telephony_silentlogging_app vendor_slog_file:file create_file_perms; + +allow vendor_telephony_silentlogging_app app_api_service:service_manager find; +allow vendor_telephony_silentlogging_app hal_vendor_oem_hwservice:hwservice_manager find; +binder_call(vendor_telephony_silentlogging_app, dmd) +binder_call(vendor_telephony_silentlogging_app, sced) + +userdebug_or_eng(` +# Silent Logging +dontaudit vendor_telephony_silentlogging_app system_app_data_file:dir create_dir_perms; +dontaudit vendor_telephony_silentlogging_app system_app_data_file:file create_file_perms; +dontaudit vendor_telephony_silentlogging_app default_prop:file { getattr open read map }; +allow vendor_telephony_silentlogging_app selinuxfs:file { read open }; +') diff --git a/radio/vendor_telephony_test_app.te b/radio/vendor_telephony_test_app.te new file mode 100644 index 0000000..ea18209 --- /dev/null +++ b/radio/vendor_telephony_test_app.te @@ -0,0 +1,4 @@ +type vendor_telephony_test_app, domain; +app_domain(vendor_telephony_test_app) + +allow vendor_telephony_test_app app_api_service:service_manager find; diff --git a/radio/vold.te b/radio/vold.te new file mode 100644 index 0000000..3923e9c --- /dev/null +++ b/radio/vold.te @@ -0,0 +1,4 @@ +allow vold modem_efs_file:dir rw_dir_perms; +allow vold modem_userdata_file:dir rw_dir_perms; +allow vold efs_block_device:blk_file { getattr }; +allow vold modem_userdata_block_device:blk_file { getattr }; diff --git a/system_ext/private/platform_app.te b/system_ext/private/platform_app.te new file mode 100644 index 0000000..20042f2 --- /dev/null +++ b/system_ext/private/platform_app.te @@ -0,0 +1,2 @@ +# allow systemui access to fingerprint +hal_client_domain(platform_app, hal_fingerprint) diff --git a/tracking_denials/README.txt b/tracking_denials/README.txt new file mode 100644 index 0000000..6cfc62d --- /dev/null +++ b/tracking_denials/README.txt @@ -0,0 +1,2 @@ +This folder stores known errors detected by PTS. Be sure to remove relevant +files to reproduce error log on latest ROMs. diff --git a/tracking_denials/bootanim.te b/tracking_denials/bootanim.te new file mode 100644 index 0000000..e15c110 --- /dev/null +++ b/tracking_denials/bootanim.te @@ -0,0 +1,2 @@ +# b/260522279 +dontaudit bootanim system_data_file:dir { search }; diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map new file mode 100644 index 0000000..8903cdd --- /dev/null +++ b/tracking_denials/bug_map @@ -0,0 +1,56 @@ +con_monitor_app app_data_file dir b/264483670 +con_monitor_app app_data_file file b/264483670 +con_monitor_app dalvikcache_data_file dir b/264483670 +con_monitor_app dalvikcache_data_file file b/264483670 +con_monitor_app mnt_expand_file dir b/264483670 +con_monitor_app system_data_file lnk_file b/264483670 +dumpstate app_zygote process b/264483390 +dumpstate sysfs_scsi_devices_0000 file b/272166771 +google_camera_app audio_service service_manager b/264600171 +google_camera_app backup_service service_manager b/264483456 +google_camera_app legacy_permission_service service_manager b/264600171 +google_camera_app permission_checker_service service_manager b/264600171 +hal_audio_default hal_audio_default binder b/274374769 +hal_bootctl_default hal_bootctl_default capability b/274727372 +hal_camera_default edgetpu_app_server binder b/275001641 +hal_camera_default edgetpu_app_service service_manager b/275001641 +hal_dumpstate_default vendor_displaycolor_service service_manager b/264482983 +hal_dumpstate_default vendor_displaycolor_service service_manager b/264600086 +hal_dumpstate_default vendor_modem_prop property_service b/264482983 +hal_dumpstate_default vendor_tcpdump_log_prop file b/273638940 +hal_power_default sysfs file b/273638876 +hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151 +hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151 +hal_thermal_default sysfs file b/272166722 +hal_thermal_default sysfs file b/272166987 +hal_uwb_default debugfs file b/273639365 +incidentd apex_art_data_file file b/272628762 +incidentd incidentd anon_inode b/274374992 +insmod-sh insmod-sh key b/274374722 +insmod-sh vendor_regmap_debugfs dir b/274727542 +kernel vendor_fw_file dir b/272166737 +kernel vendor_fw_file dir b/272166787 +mtectrl unlabeled dir b/264483752 +platform_app bootanim_system_prop property_service b/264483532 +servicemanager hal_fingerprint_default binder b/264483753 +system_server default_android_service service_manager b/264483754 +systemui_app bootanim_system_prop property_service b/269964574 +systemui_app hal_googlebattery binder b/269964574 +systemui_app init unix_stream_socket b/269964574 +systemui_app mediaextractor_service service_manager b/272628174 +systemui_app mediametrics_service service_manager b/272628174 +systemui_app mediaserver_service service_manager b/272628174 +systemui_app property_socket sock_file b/269964574 +systemui_app qemu_hw_prop file b/269964574 +systemui_app twoshay binder b/269964574 +systemui_app vr_manager_service service_manager b/272628174 +twoshay systemui_app binder b/269964558 +untrusted_app default_android_service service_manager b/264599934 +vendor_init device_config_configuration_prop property_service b/267714573 +vendor_init device_config_configuration_prop property_service b/268566481 +vendor_init device_config_configuration_prop property_service b/273143844 +vendor_init tee_data_file lnk_file b/267714573 +vendor_init tee_data_file lnk_file b/272166664 +vendor_init vendor_camera_prop property_service b/267714573 +vendor_init vendor_camera_prop property_service b/268566481 +vendor_init vendor_camera_prop property_service b/273143844 diff --git a/tracking_denials/chre.te b/tracking_denials/chre.te new file mode 100644 index 0000000..beee716 --- /dev/null +++ b/tracking_denials/chre.te @@ -0,0 +1,4 @@ +# b/261105224 +dontaudit chre hal_system_suspend_service:service_manager { find }; +dontaudit chre servicemanager:binder { call }; +dontaudit chre system_suspend_server:binder { call }; diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te new file mode 100644 index 0000000..3baf986 --- /dev/null +++ b/tracking_denials/con_monitor_app.te @@ -0,0 +1,36 @@ +# b/261518779 +dontaudit con_monitor_app activity_service:service_manager { find }; +dontaudit con_monitor_app content_capture_service:service_manager { find }; +dontaudit con_monitor_app game_service:service_manager { find }; +dontaudit con_monitor_app netstats_service:service_manager { find }; +dontaudit con_monitor_app system_server:binder { call }; +dontaudit con_monitor_app system_server:binder { transfer }; +dontaudit con_monitor_app system_server:fd { use }; +# b/261783158 +dontaudit con_monitor_app system_file:file { getattr }; +dontaudit con_monitor_app system_file:file { map }; +dontaudit con_monitor_app system_file:file { open }; +dontaudit con_monitor_app system_file:file { read }; +dontaudit con_monitor_app tmpfs:file { execute }; +dontaudit con_monitor_app tmpfs:file { map }; +dontaudit con_monitor_app tmpfs:file { read }; +dontaudit con_monitor_app tmpfs:file { write }; +# b/261933171 +dontaudit con_monitor_app dumpstate:fd { use }; +dontaudit con_monitor_app dumpstate:fifo_file { append }; +dontaudit con_monitor_app dumpstate:fifo_file { write }; +dontaudit con_monitor_app system_server:fifo_file { write }; +dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; +dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; +# b/262455571 +dontaudit con_monitor_app data_file_type:dir { search }; +dontaudit con_monitor_app servicemanager:binder { call }; +dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; +dontaudit con_monitor_app statsdw_socket:sock_file { write }; +dontaudit con_monitor_app system_file:file { execute }; +# b/264489520 +userdebug_or_eng(` + permissive con_monitor_app; +') +# b/267843291 +dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te new file mode 100644 index 0000000..4428b68 --- /dev/null +++ b/tracking_denials/fastbootd.te @@ -0,0 +1,4 @@ +# b/264489957 +userdebug_or_eng(` + permissive fastbootd; +') \ No newline at end of file diff --git a/tracking_denials/gmscore_app.te b/tracking_denials/gmscore_app.te new file mode 100644 index 0000000..a5a791b --- /dev/null +++ b/tracking_denials/gmscore_app.te @@ -0,0 +1,10 @@ +# b/259302023 +dontaudit gmscore_app property_type:file *; +# b/260365725 +dontaudit gmscore_app property_type:file *; +# b/260522434 +dontaudit gmscore_app modem_img_file:filesystem { getattr }; +# b/264489521 +userdebug_or_eng(` + permissive gmscore_app; +') diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te new file mode 100644 index 0000000..84c0aca --- /dev/null +++ b/tracking_denials/google_camera_app.te @@ -0,0 +1,29 @@ +# b/262455755 +dontaudit google_camera_app activity_service:service_manager { find }; +dontaudit google_camera_app cameraserver_service:service_manager { find }; +dontaudit google_camera_app content_capture_service:service_manager { find }; +dontaudit google_camera_app device_state_service:service_manager { find }; +dontaudit google_camera_app edgetpu_app_service:service_manager { find }; +dontaudit google_camera_app edgetpu_device:chr_file { ioctl }; +dontaudit google_camera_app edgetpu_device:chr_file { map }; +dontaudit google_camera_app edgetpu_device:chr_file { read write }; +dontaudit google_camera_app fwk_stats_service:service_manager { find }; +dontaudit google_camera_app game_service:service_manager { find }; +dontaudit google_camera_app mediaserver_service:service_manager { find }; +dontaudit google_camera_app netstats_service:service_manager { find }; +dontaudit google_camera_app sensorservice_service:service_manager { find }; +dontaudit google_camera_app surfaceflinger_service:service_manager { find }; +dontaudit google_camera_app thermal_service:service_manager { find }; +# b/264490031 +userdebug_or_eng(` + permissive google_camera_app; +')# b/264483456 +dontaudit google_camera_app backup_service:service_manager { find }; +# b/264600171 +dontaudit google_camera_app audio_service:service_manager { find }; +dontaudit google_camera_app legacy_permission_service:service_manager { find }; +dontaudit google_camera_app permission_checker_service:service_manager { find }; +# b/265220235 +dontaudit google_camera_app virtual_device_service:service_manager { find }; +# b/267843408 +dontaudit google_camera_app device_policy_service:service_manager { find }; diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te new file mode 100644 index 0000000..abc4811 --- /dev/null +++ b/tracking_denials/hal_camera_default.te @@ -0,0 +1,4 @@ +# b/264489778 +userdebug_or_eng(` + permissive hal_camera_default; +') diff --git a/tracking_denials/hal_contexthub_default.te b/tracking_denials/hal_contexthub_default.te new file mode 100644 index 0000000..3c9a51f --- /dev/null +++ b/tracking_denials/hal_contexthub_default.te @@ -0,0 +1,7 @@ +# b/261105182 +dontaudit hal_contexthub_default chre:unix_stream_socket { connectto }; +dontaudit hal_contexthub_default chre_socket:sock_file { write }; +# b/264489794 +userdebug_or_eng(` + permissive hal_contexthub_default; +') \ No newline at end of file diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te new file mode 100644 index 0000000..8f3138c --- /dev/null +++ b/tracking_denials/hal_neuralnetworks_armnn.te @@ -0,0 +1,16 @@ +# b/260366177 +dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; +# b/260768359 +dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; +dontaudit hal_neuralnetworks_armnn default_prop:file { map }; +dontaudit hal_neuralnetworks_armnn default_prop:file { open }; +dontaudit hal_neuralnetworks_armnn default_prop:file { read }; +# b/260921579 +dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; +dontaudit hal_neuralnetworks_armnn default_prop:file { map }; +dontaudit hal_neuralnetworks_armnn default_prop:file { open }; +dontaudit hal_neuralnetworks_armnn default_prop:file { read }; +# b/264489188 +userdebug_or_eng(` + permissive hal_neuralnetworks_armnn; +') \ No newline at end of file diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te new file mode 100644 index 0000000..5925425 --- /dev/null +++ b/tracking_denials/hal_power_default.te @@ -0,0 +1,3 @@ +# b/267261305 +dontaudit hal_power_default hal_power_default:capability { dac_override }; +dontaudit hal_power_default hal_power_default:capability { dac_read_search }; diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te new file mode 100644 index 0000000..601c2bb --- /dev/null +++ b/tracking_denials/hal_sensors_default.te @@ -0,0 +1,3 @@ +# b/267260619 +dontaudit hal_sensors_default dumpstate:fd { use }; +dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te new file mode 100644 index 0000000..08db477 --- /dev/null +++ b/tracking_denials/hal_usb_impl.te @@ -0,0 +1,2 @@ +# b/267261163 +dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/hwservicemanager.te b/tracking_denials/hwservicemanager.te new file mode 100644 index 0000000..53222bd --- /dev/null +++ b/tracking_denials/hwservicemanager.te @@ -0,0 +1,4 @@ +# b/264489781 +userdebug_or_eng(` + permissive hwservicemanager; +') diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te new file mode 100644 index 0000000..4bd4489 --- /dev/null +++ b/tracking_denials/incidentd.te @@ -0,0 +1,3 @@ +# b/261933310 +dontaudit incidentd debugfs_wakeup_sources:file { open }; +dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/installd.te b/tracking_denials/installd.te new file mode 100644 index 0000000..95b0a2f --- /dev/null +++ b/tracking_denials/installd.te @@ -0,0 +1,6 @@ +# b/260522202 +dontaudit installd modem_img_file:filesystem { quotaget }; +# b/264490035 +userdebug_or_eng(` + permissive installd; +') \ No newline at end of file diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te new file mode 100644 index 0000000..23d091b --- /dev/null +++ b/tracking_denials/kernel.te @@ -0,0 +1,7 @@ +# b/262794429 +dontaudit kernel sepolicy_file:file { getattr }; +dontaudit kernel system_bootstrap_lib_file:dir { getattr }; +dontaudit kernel system_bootstrap_lib_file:file { getattr }; +dontaudit kernel system_dlkm_file:dir { getattr }; +# b/263185161 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/logd.te b/tracking_denials/logd.te new file mode 100644 index 0000000..ab19623 --- /dev/null +++ b/tracking_denials/logd.te @@ -0,0 +1,7 @@ +# b/261105354 +dontaudit logd trusty_log_device:chr_file { open }; +dontaudit logd trusty_log_device:chr_file { read }; +# b/264489639 +userdebug_or_eng(` + permissive logd; +') \ No newline at end of file diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te new file mode 100644 index 0000000..604cf7d --- /dev/null +++ b/tracking_denials/priv_app.te @@ -0,0 +1,21 @@ +# b/260366281 +dontaudit priv_app privapp_data_file:dir { getattr }; +dontaudit priv_app privapp_data_file:dir { search }; +dontaudit priv_app vendor_default_prop:file { getattr }; +dontaudit priv_app vendor_default_prop:file { map }; +dontaudit priv_app vendor_default_prop:file { open }; +# b/260522282 +dontaudit priv_app privapp_data_file:file { open }; +dontaudit priv_app privapp_data_file:file { setattr }; +# b/260768358 +dontaudit priv_app default_android_service:service_manager { find }; +# b/260922442 +dontaudit priv_app default_android_service:service_manager { find }; +# b/263185432 +dontaudit priv_app privapp_data_file:file { unlink }; +# b/264490074 +userdebug_or_eng(` + permissive priv_app; +')# b/268572216 +dontaudit priv_app privapp_data_file:dir { add_name }; +dontaudit priv_app privapp_data_file:dir { remove_name }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te new file mode 100644 index 0000000..26657eb --- /dev/null +++ b/tracking_denials/rebalance_interrupts_vendor.te @@ -0,0 +1,6 @@ +# b/260366278 +dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override }; +# b/264489565 +userdebug_or_eng(` + permissive rebalance_interrupts_vendor; +') \ No newline at end of file diff --git a/tracking_denials/recovery.te b/tracking_denials/recovery.te new file mode 100644 index 0000000..bd39922 --- /dev/null +++ b/tracking_denials/recovery.te @@ -0,0 +1,4 @@ +# b/264490092 +userdebug_or_eng(` + permissive recovery; +') \ No newline at end of file diff --git a/tracking_denials/servicemanager.te b/tracking_denials/servicemanager.te new file mode 100644 index 0000000..142b95b --- /dev/null +++ b/tracking_denials/servicemanager.te @@ -0,0 +1,6 @@ +# b/263429985 +dontaudit servicemanager tee:binder { call }; +# b/264489962 +userdebug_or_eng(` + permissive servicemanager; +') \ No newline at end of file diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te new file mode 100644 index 0000000..d1c8b73 --- /dev/null +++ b/tracking_denials/ssr_detector_app.te @@ -0,0 +1,6 @@ +# b/261651131 +dontaudit ssr_detector_app system_app_data_file:file { open }; +# b/264489567 +userdebug_or_eng(` + permissive ssr_detector_app; +') \ No newline at end of file diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te new file mode 100644 index 0000000..b834b57 --- /dev/null +++ b/tracking_denials/system_suspend.te @@ -0,0 +1,2 @@ +# b/261105356 +dontaudit system_suspend_server chre:binder { transfer }; diff --git a/tracking_denials/systemui.te b/tracking_denials/systemui.te new file mode 100644 index 0000000..3159dd9 --- /dev/null +++ b/tracking_denials/systemui.te @@ -0,0 +1,4 @@ +# b/264266705 +userdebug_or_eng(` + permissive systemui_app; +') diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te new file mode 100644 index 0000000..35142bb --- /dev/null +++ b/tracking_denials/systemui_app.te @@ -0,0 +1,2 @@ +# b/272628396 +dontaudit systemui_app service_manager_type:service_manager find; diff --git a/tracking_denials/tcpdump_logger.te b/tracking_denials/tcpdump_logger.te new file mode 100644 index 0000000..b0a7046 --- /dev/null +++ b/tracking_denials/tcpdump_logger.te @@ -0,0 +1,4 @@ +# b/264490014 +userdebug_or_eng(` + permissive tcpdump_logger; +') \ No newline at end of file diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te new file mode 100644 index 0000000..0de59ee --- /dev/null +++ b/tracking_denials/update_engine.te @@ -0,0 +1,2 @@ +# b/267261048 +dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te new file mode 100644 index 0000000..abfba26 --- /dev/null +++ b/tracking_denials/vendor_init.te @@ -0,0 +1,3 @@ +# b/260366195 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init vendor_init:capability2 { block_suspend }; diff --git a/vendor/audioserver.te b/vendor/audioserver.te new file mode 100644 index 0000000..a0466ed --- /dev/null +++ b/vendor/audioserver.te @@ -0,0 +1,2 @@ +#allow access to ALSA MMAP FDs for AAudio API +allow audioserver audio_device:chr_file r_file_perms; diff --git a/vendor/bootanim.te b/vendor/bootanim.te new file mode 100644 index 0000000..cc36346 --- /dev/null +++ b/vendor/bootanim.te @@ -0,0 +1 @@ +allow bootanim arm_mali_platform_service:service_manager find; diff --git a/vendor/cccdk_timesync_app.te b/vendor/cccdk_timesync_app.te new file mode 100644 index 0000000..f34c5f3 --- /dev/null +++ b/vendor/cccdk_timesync_app.te @@ -0,0 +1,7 @@ +type vendor_cccdktimesync_app, domain; +app_domain(vendor_cccdktimesync_app) + +allow vendor_cccdktimesync_app app_api_service:service_manager find; + +binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/vendor/certs/app.x509.pem b/vendor/certs/app.x509.pem new file mode 100644 index 0000000..8e3e627 --- /dev/null +++ b/vendor/certs/app.x509.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE +AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G +A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI +hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR +24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy +xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X +W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC +69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA +cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw +HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c +xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH +QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG +CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP +zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla +XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a +IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a +ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW +Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs= +-----END CERTIFICATE----- diff --git a/vendor/certs/camera_eng.x509.pem b/vendor/certs/camera_eng.x509.pem new file mode 100644 index 0000000..011a9ec --- /dev/null +++ b/vendor/certs/camera_eng.x509.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx +EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw +NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO +OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR ++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb ++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg +UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX +TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj +rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB +TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK +pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY +DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG +ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 +rscXTxYEf4Tqovc= +-----END CERTIFICATE----- diff --git a/vendor/certs/camera_fishfood.x509.pem b/vendor/certs/camera_fishfood.x509.pem new file mode 100644 index 0000000..fb11572 --- /dev/null +++ b/vendor/certs/camera_fishfood.x509.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n +bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w +HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv +b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 +bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ +jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B +IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe +tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td +0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg +Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b +aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== +-----END CERTIFICATE----- diff --git a/vendor/chre.te b/vendor/chre.te new file mode 100644 index 0000000..a1d1ca5 --- /dev/null +++ b/vendor/chre.te @@ -0,0 +1,16 @@ +type chre, domain; +type chre_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(chre) + +# Permit communication with AoC +allow chre aoc_device:chr_file rw_file_perms; + +# Allow CHRE to determine AoC's current clock +allow chre sysfs_aoc:dir search; +allow chre sysfs_aoc_boottime:file r_file_perms; + +# Allow CHRE to create thread to watch AOC's device +allow chre device:dir r_dir_perms; + +# Allow CHRE to use WakeLock +wakelock_use(chre) diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te new file mode 100644 index 0000000..814c5e8 --- /dev/null +++ b/vendor/con_monitor_app.te @@ -0,0 +1,3 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; +app_domain(con_monitor_app); diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te new file mode 100644 index 0000000..4199b07 --- /dev/null +++ b/vendor/debug_camera_app.te @@ -0,0 +1,23 @@ +type debug_camera_app, domain, coredomain; + +userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; + + # Allows GCA-Eng & GCA-Next access the GXP device. + allow debug_camera_app gxp_device:chr_file rw_file_perms; + + # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. + allow debug_camera_app edgetpu_app_service:service_manager find; + allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) +') diff --git a/vendor/device.te b/vendor/device.te new file mode 100644 index 0000000..50510d6 --- /dev/null +++ b/vendor/device.te @@ -0,0 +1,18 @@ +type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; +type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; +type mfg_data_block_device, dev_type; +type ufs_internal_block_device, dev_type; +type logbuffer_device, dev_type; +type gxp_device, dev_type, mlstrustedobject; +type fingerprint_device, dev_type; +type uci_device, dev_type; + +# Dmabuf heaps +type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; +type faceauth_heap_device, dmabuf_heap_device_type, dev_type; +type video_secure_heap_device, dmabuf_heap_device_type, dev_type; + +# SecureElement SPI device +type st54spi_device, dev_type; diff --git a/vendor/domain.te b/vendor/domain.te new file mode 100644 index 0000000..a8bad53 --- /dev/null +++ b/vendor/domain.te @@ -0,0 +1,5 @@ +allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms; +allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms; + +# Mali +get_prop(domain, vendor_arm_runtime_option_prop) diff --git a/vendor/dump_cma.te b/vendor/dump_cma.te new file mode 100644 index 0000000..bf5edf2 --- /dev/null +++ b/vendor/dump_cma.te @@ -0,0 +1,7 @@ +pixel_bugreport(dump_cma) + +userdebug_or_eng(` + allow dump_cma vendor_toolbox_exec:file execute_no_trans; + allow dump_cma vendor_cma_debugfs:dir r_dir_perms; + allow dump_cma vendor_cma_debugfs:file r_file_perms; +') diff --git a/vendor/dump_gsa.te b/vendor/dump_gsa.te new file mode 100644 index 0000000..8cd230b --- /dev/null +++ b/vendor/dump_gsa.te @@ -0,0 +1,6 @@ +pixel_bugreport(dump_gsa) + +userdebug_or_eng(` + allow dump_gsa vendor_toolbox_exec:file execute_no_trans; + allow dump_gsa sysfs_gsa_log:file r_file_perms; +') diff --git a/vendor/dump_power.te b/vendor/dump_power.te new file mode 100644 index 0000000..e425214 --- /dev/null +++ b/vendor/dump_power.te @@ -0,0 +1,34 @@ +pixel_bugreport(dump_power) + +allow dump_power vendor_toolbox_exec:file execute_no_trans; +allow dump_power sysfs_acpm_stats:dir r_dir_perms; +allow dump_power sysfs_acpm_stats:file r_file_perms; +allow dump_power sysfs_cpu:file r_file_perms; +allow dump_power sysfs_bcl:dir r_dir_perms; +allow dump_power sysfs_bcl:file r_file_perms; +allow dump_power sysfs_odpm:dir r_dir_perms; +allow dump_power sysfs_odpm:file r_file_perms; +allow dump_power logbuffer_device:chr_file r_file_perms; +allow dump_power sysfs_batteryinfo:dir r_dir_perms; +allow dump_power sysfs_batteryinfo:file r_file_perms; +allow dump_power sysfs_wlc:dir search; +allow dump_power sysfs_wlc:file r_file_perms; +allow dump_power sysfs_power_dump:file r_file_perms; +allow dump_power mitigation_vendor_data_file:dir r_dir_perms; +allow dump_power mitigation_vendor_data_file:file rw_file_perms; + +userdebug_or_eng(` + allow dump_power debugfs:dir r_dir_perms; + allow dump_power vendor_battery_debugfs:dir r_dir_perms; + allow dump_power vendor_battery_debugfs:file r_file_perms; + allow dump_power vendor_pm_genpd_debugfs:file r_file_perms; + allow dump_power vendor_charger_debugfs:dir r_dir_perms; + allow dump_power vendor_charger_debugfs:file r_file_perms; + allow dump_power vendor_usb_debugfs:dir r_dir_perms; + allow dump_power vendor_votable_debugfs:dir r_dir_perms; + allow dump_power vendor_votable_debugfs:file r_file_perms; + allow dump_power vendor_maxfg_debugfs:dir r_dir_perms; + allow dump_power vendor_maxfg_debugfs:file r_file_perms; + allow dump_power self:lockdown integrity; +') + diff --git a/vendor/dump_wlan.te b/vendor/dump_wlan.te new file mode 100644 index 0000000..f743da0 --- /dev/null +++ b/vendor/dump_wlan.te @@ -0,0 +1,3 @@ +pixel_bugreport(dump_wlan) + +allow dump_wlan vendor_toolbox_exec:file execute_no_trans; diff --git a/vendor/dumpstate.te b/vendor/dumpstate.te new file mode 100644 index 0000000..03d0b40 --- /dev/null +++ b/vendor/dumpstate.te @@ -0,0 +1,12 @@ +# allow HWC to output to dumpstate via pipe fd +dump_hal(hal_graphics_composer) + +dump_hal(hal_health) + +dump_hal(hal_confirmationui) + +binder_call(dumpstate, hal_wireless_charger) + +dump_hal(hal_uwb) + +dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find }; diff --git a/vendor/e2fs.te b/vendor/e2fs.te new file mode 100644 index 0000000..3e72adf --- /dev/null +++ b/vendor/e2fs.te @@ -0,0 +1,8 @@ +allow e2fs persist_block_device:blk_file rw_file_perms; +allow e2fs efs_block_device:blk_file rw_file_perms; +allow e2fs modem_userdata_block_device:blk_file rw_file_perms; +allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl { + BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET +}; +allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms; +allow e2fs sysfs_scsi_devices_0000:file r_file_perms; diff --git a/vendor/euiccpixel_app.te b/vendor/euiccpixel_app.te new file mode 100644 index 0000000..0e4d65b --- /dev/null +++ b/vendor/euiccpixel_app.te @@ -0,0 +1,21 @@ +type euiccpixel_app, domain; +app_domain(euiccpixel_app) + +allow euiccpixel_app app_api_service:service_manager find; +allow euiccpixel_app radio_service:service_manager find; +allow euiccpixel_app nfc_service:service_manager find; + +set_prop(euiccpixel_app, vendor_secure_element_prop) +set_prop(euiccpixel_app, vendor_modem_prop) +get_prop(euiccpixel_app, dck_prop) + +userdebug_or_eng(` + net_domain(euiccpixel_app) + + # Access to directly upgrade firmware on st54spi_device used for engineering devices + typeattribute st54spi_device mlstrustedobject; + allow euiccpixel_app st54spi_device:chr_file rw_file_perms; +') + +# b/265286368 framework UI rendering properties +dontaudit euiccpixel_app default_prop:file { read }; \ No newline at end of file diff --git a/vendor/file.te b/vendor/file.te new file mode 100644 index 0000000..cf4ad9f --- /dev/null +++ b/vendor/file.te @@ -0,0 +1,48 @@ +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; +type vendor_cma_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# Data +type sensor_reg_data_file, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts new file mode 100644 index 0000000..f08be98 --- /dev/null +++ b/vendor/file_contexts @@ -0,0 +1,167 @@ +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 + +# Vendor Firmwares +/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 +/vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 + +# Vendor libraries +/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 + + +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 + +# Devices +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-vl53l8 u:object_r:lwis_device:s0 +# Although stmvl53l1_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-vl53l8 for a better maintenance instead of creating another device type. +/dev/stmvl53l1_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:video_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:video_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:video_secure_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 diff --git a/vendor/fsck.te b/vendor/fsck.te new file mode 100644 index 0000000..cb9470d --- /dev/null +++ b/vendor/fsck.te @@ -0,0 +1,5 @@ +allow fsck persist_block_device:blk_file rw_file_perms; +allow fsck efs_block_device:blk_file rw_file_perms; +allow fsck modem_userdata_block_device:blk_file rw_file_perms; +allow fsck sysfs_scsi_devices_0000:dir r_dir_perms; +allow fsck sysfs_scsi_devices_0000:file r_file_perms; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts new file mode 100644 index 0000000..5acd7ba --- /dev/null +++ b/vendor/genfs_contexts @@ -0,0 +1,484 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /cma u:object_r:vendor_cma_debugfs:s0 + +# Extcon +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + +# Battery +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te new file mode 100644 index 0000000..b4ba6c1 --- /dev/null +++ b/vendor/google_camera_app.te @@ -0,0 +1,8 @@ +type google_camera_app, domain, coredomain; +app_domain(google_camera_app) + +# Allows camera app to access the GXP device. +allow google_camera_app gxp_device:chr_file rw_file_perms; + +# Allows camera app to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te new file mode 100644 index 0000000..000138a --- /dev/null +++ b/vendor/gxp_logging.te @@ -0,0 +1,10 @@ +type gxp_logging, domain; +type gxp_logging_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gxp_logging) + +# The logging service accesses /dev/gxp +allow gxp_logging gxp_device:chr_file rw_file_perms; + +# Allow gxp tracing service to send packets to Perfetto +userdebug_or_eng(`perfetto_producer(gxp_logging)') + diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te new file mode 100644 index 0000000..2167b3c --- /dev/null +++ b/vendor/hal_bluetooth_btlinux.te @@ -0,0 +1,6 @@ +# Allow access to always-on compute device node +allow hal_bluetooth_btlinux aoc_device:chr_file rw_file_perms; +allow hal_bluetooth_btlinux device:dir r_dir_perms; + +# allow the HAL to call cccdktimesync registered callbacks +binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app) diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te new file mode 100644 index 0000000..fe017f9 --- /dev/null +++ b/vendor/hal_bootctl_default.te @@ -0,0 +1,3 @@ +allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; +allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; +allow hal_bootctl_default sysfs_ota:file rw_file_perms; diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te new file mode 100644 index 0000000..7acd698 --- /dev/null +++ b/vendor/hal_camera_default.te @@ -0,0 +1,90 @@ +allow hal_camera_default self:global_capability_class_set sys_nice; +allow hal_camera_default kernel:process setsched; + +vndbinder_use(hal_camera_default); + +allow hal_camera_default lwis_device:chr_file rw_file_perms; + +# Face authentication code that is part of the camera HAL needs to allocate +# dma_bufs and access the Trusted Execution Environment device node + +# Allow the camera hal to access the EdgeTPU service and the +# Android shared memory allocated by the EdgeTPU service for +# on-device compilation. +allow hal_camera_default edgetpu_device:chr_file rw_file_perms; +allow hal_camera_default edgetpu_vendor_service:service_manager find; +binder_call(hal_camera_default, edgetpu_vendor_server) + +# Allow access to data files used by the camera HAL +allow hal_camera_default mnt_vendor_file:dir search; +allow hal_camera_default persist_file:dir search; +allow hal_camera_default persist_camera_file:dir rw_dir_perms; +allow hal_camera_default persist_camera_file:file create_file_perms; +allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; +allow hal_camera_default vendor_camera_data_file:file create_file_perms; + +# Allow the camera hal to access the GXP device. +allow hal_camera_default gxp_device:chr_file rw_file_perms; + +# Allow creating dump files for debugging in non-release builds +userdebug_or_eng(` + allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; + allow hal_camera_default vendor_camera_data_file:file create_file_perms; +') + +# Allow access to camera-related system properties +set_prop(hal_camera_default, vendor_camera_prop); +get_prop(hal_camera_default, vendor_camera_debug_prop); +userdebug_or_eng(` + set_prop(hal_camera_default, vendor_camera_fatp_prop); + set_prop(hal_camera_default, vendor_camera_debug_prop); +') + +# For camera hal to talk with rlsservice +allow hal_camera_default rls_service:service_manager find; +binder_call(hal_camera_default, rlsservice) + +hal_client_domain(hal_camera_default, hal_graphics_allocator); +hal_client_domain(hal_camera_default, hal_graphics_composer) +hal_client_domain(hal_camera_default, hal_power); +hal_client_domain(hal_camera_default, hal_thermal); + +# Allow access to sensor service for sensor_listener +binder_call(hal_camera_default, system_server); + +# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering +allow hal_camera_default eco_service:service_manager find; +binder_call(hal_camera_default, mediacodec_samsung); + +# Allow camera HAL to connect to the stats service. +allow hal_camera_default fwk_stats_service:service_manager find; + +# For observing apex file changes +allow hal_camera_default apex_info_file:file r_file_perms; + +# Allow camera HAL to query current device clock frequencies. +allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; + +# Allow camera HAL to read backlight of display +allow hal_camera_default sysfs_leds:dir r_dir_perms; +allow hal_camera_default sysfs_leds:file r_file_perms; + +# Allow camera HAL to query preferred camera frequencies from the radio HAL +# extensions to avoid interference with cellular antennas. +allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; +binder_call(hal_camera_default, hal_radioext_default); + +# For camera hal to talk with rlsservice +allow hal_camera_default rls_service:service_manager find; +binder_call(hal_camera_default, rlsservice) + +# Allow camera HAL to send trace packets to Perfetto +userdebug_or_eng(`perfetto_producer(hal_camera_default)') + +# Some file searches attempt to access system data and are denied. +# This is benign and can be ignored. +dontaudit hal_camera_default system_data_file:dir { search }; + +# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. +dontaudit hal_camera_default traced:unix_stream_socket { connectto }; +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te new file mode 100644 index 0000000..6aa57dd --- /dev/null +++ b/vendor/hal_fingerprint_default.te @@ -0,0 +1,39 @@ +allow hal_fingerprint_default fingerprint_device:chr_file rw_file_perms; +allow hal_fingerprint_default tee_device:chr_file rw_file_perms; +allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; +allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms; + +allow hal_fingerprint_default fwk_stats_service:service_manager find; +get_prop(hal_fingerprint_default, fingerprint_ghbm_prop) +set_prop(hal_fingerprint_default, vendor_fingerprint_prop) +add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice) + +# allow fingerprint to access power hal +hal_client_domain(hal_fingerprint_default, hal_power); + +# Allow access to the files of CDT information. +r_dir_file(hal_fingerprint_default, sysfs_chosen) + +# Allow fingerprint to access calibration blk device. +allow hal_fingerprint_default mfg_data_block_device:blk_file rw_file_perms; +allow hal_fingerprint_default block_device:dir search; + +# Allow fingerprint to access fwk_sensor_hwservice +allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find; + +# Allow fingerprint to access sysfs_display +allow hal_fingerprint_default sysfs_display:file rw_file_perms; + +# Allow fingerprint to access trusty sysfs +allow hal_fingerprint_default sysfs_trusty:file rw_file_perms; + +# Allow fingerprint to access display hal +allow hal_fingerprint_default hal_pixel_display_service:service_manager find; +binder_call(hal_fingerprint_default, hal_graphics_composer_default) + +# allow fingerprint to access thermal hal +hal_client_domain(hal_fingerprint_default, hal_thermal); + +# allow fingerprint to read sysfs_leds +allow hal_fingerprint_default sysfs_leds:file r_file_perms; +allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te new file mode 100644 index 0000000..e322c3a --- /dev/null +++ b/vendor/hal_graphics_allocator_default.te @@ -0,0 +1,4 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default video_secure_heap_device:chr_file r_file_perms; diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te new file mode 100644 index 0000000..5c4aef4 --- /dev/null +++ b/vendor/hal_graphics_composer_default.te @@ -0,0 +1,43 @@ +# allow HWC to access power hal +hal_client_domain(hal_graphics_composer_default, hal_power) + +hal_client_domain(hal_graphics_composer_default, hal_graphics_allocator) + +# access sysfs R/W +allow hal_graphics_composer_default sysfs_display:dir search; +allow hal_graphics_composer_default sysfs_display:file rw_file_perms; + +# allow HWC to r/w backlight +allow hal_graphics_composer_default sysfs_leds:dir r_dir_perms; +allow hal_graphics_composer_default sysfs_leds:file rw_file_perms; + +# socket / vnd service +allow hal_graphics_composer_default self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; +vndbinder_use(hal_graphics_composer_default) + +# boot stauts prop +get_prop(hal_graphics_composer_default, boot_status_prop); + +# allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags +get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop) + +add_service(hal_graphics_composer_default, hal_pixel_display_service) + +# allow HWC/libdisplaycolor to read calibration data +allow hal_graphics_composer_default mnt_vendor_file:dir search; +allow hal_graphics_composer_default persist_file:dir search; +allow hal_graphics_composer_default persist_display_file:file r_file_perms; +allow hal_graphics_composer_default persist_display_file:dir search; + +# allow HWC to get/set vendor_display_prop +set_prop(hal_graphics_composer_default, vendor_display_prop) + +# allow HWC to access vendor_displaycolor_service +add_service(hal_graphics_composer_default, vendor_displaycolor_service) + +add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice) + +# allow HWC to read/write/search hwc_log_file +allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms; +allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms; +allow hal_graphics_composer_default vendor_log_file:dir search; diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te new file mode 100644 index 0000000..36e6cb1 --- /dev/null +++ b/vendor/hal_health_default.te @@ -0,0 +1,16 @@ +allow hal_health_default mnt_vendor_file:dir search; +allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; + +set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) + +allow hal_health_default fwk_stats_service:service_manager find; + +# Access to /sys/devices/platform/13200000.ufs/* +allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; +allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; + +allow hal_health_default sysfs_wlc:dir search; +allow hal_health_default sysfs_batteryinfo:file w_file_perms; diff --git a/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te new file mode 100644 index 0000000..d71d9e2 --- /dev/null +++ b/vendor/hal_nfc_default.te @@ -0,0 +1,5 @@ +# HAL NFC property +get_prop(hal_nfc_default, vendor_nfc_prop) + +# SecureElement property +set_prop(hal_nfc_default, vendor_secure_element_prop) diff --git a/vendor/hal_power_default.te b/vendor/hal_power_default.te new file mode 100644 index 0000000..bb86aad --- /dev/null +++ b/vendor/hal_power_default.te @@ -0,0 +1,7 @@ +allow hal_power_default sysfs_gpu:file rw_file_perms; +allow hal_power_default sysfs_fabric:file rw_file_perms; +allow hal_power_default sysfs_camera:file rw_file_perms; +allow hal_power_default sysfs_em_profile:file rw_file_perms; +allow hal_power_default sysfs_display:file rw_file_perms; +allow hal_power_default sysfs_trusty:file rw_file_perms; +set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te new file mode 100644 index 0000000..2845a0a --- /dev/null +++ b/vendor/hal_power_stats_default.te @@ -0,0 +1,18 @@ +# Allowed to access required sysfs nodes +r_dir_file(hal_power_stats_default, sysfs_aoc) +r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) +r_dir_file(hal_power_stats_default, sysfs_acpm_stats) +r_dir_file(hal_power_stats_default, sysfs_cpu) +r_dir_file(hal_power_stats_default, sysfs_iio_devices) +r_dir_file(hal_power_stats_default, sysfs_leds) +r_dir_file(hal_power_stats_default, sysfs_odpm) +r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000) +r_dir_file(hal_power_stats_default, sysfs_wifi) +r_dir_file(hal_power_stats_default, powerstats_vendor_data_file) + +# Rail selection requires read/write permissions +allow hal_power_stats_default sysfs_odpm:dir search; +allow hal_power_stats_default sysfs_odpm:file rw_file_perms; + +# getStateResidency AIDL callback for Bluetooth HAL +binder_call(hal_power_stats_default, hal_bluetooth_btlinux) diff --git a/vendor/hal_radioext_default.te b/vendor/hal_radioext_default.te new file mode 100644 index 0000000..d67f9e8 --- /dev/null +++ b/vendor/hal_radioext_default.te @@ -0,0 +1 @@ +allow hal_radioext_default sysfs_display:file rw_file_perms; diff --git a/vendor/hal_secure_element_st54spi.te b/vendor/hal_secure_element_st54spi.te new file mode 100644 index 0000000..3cc726d --- /dev/null +++ b/vendor/hal_secure_element_st54spi.te @@ -0,0 +1,7 @@ +type hal_secure_element_st54spi, domain; +type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_secure_element_st54spi) +hal_server_domain(hal_secure_element_st54spi, hal_secure_element) +allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms; +allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms; +set_prop(hal_secure_element_st54spi, vendor_secure_element_prop) diff --git a/vendor/hal_secure_element_uicc.te b/vendor/hal_secure_element_uicc.te new file mode 100644 index 0000000..8cd1cb3 --- /dev/null +++ b/vendor/hal_secure_element_uicc.te @@ -0,0 +1,12 @@ +type hal_secure_element_uicc, domain; +type hal_secure_element_uicc_exec, exec_type, vendor_file_type, file_type; + +hal_server_domain(hal_secure_element_uicc, hal_secure_element) +init_daemon_domain(hal_secure_element_uicc) + +# Allow writing to system_server pipes during crash dump +crash_dump_fallback(hal_secure_element_uicc) + +# Allow hal_secure_element_uicc to access rild +binder_call(hal_secure_element_uicc, rild); +allow hal_secure_element_uicc hal_exynos_rild_hwservice:hwservice_manager find; diff --git a/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te new file mode 100644 index 0000000..b9f6a72 --- /dev/null +++ b/vendor/hal_sensors_default.te @@ -0,0 +1,58 @@ +# Allow access to the AoC communication driver. +allow hal_sensors_default aoc_device:chr_file rw_file_perms; + +# Allow create thread to watch AOC's device. +allow hal_sensors_default device:dir r_dir_perms; + +# Allow access to CHRE socket to connect to nanoapps. +allow hal_sensors_default chre:unix_stream_socket connectto; +allow hal_sensors_default chre_socket:sock_file write; + +# Allow SensorSuez to connect AIDL stats. +allow hal_sensors_default fwk_stats_service:service_manager find; + +# Allow sensor HAL to access the graphics composer. +binder_call(hal_sensors_default, hal_graphics_composer_default); + +# Allow sensor HAL to access the display service HAL +allow hal_sensors_default hal_pixel_display_service:service_manager find; + +# Allow reading of sensor registry persist files and camera persist files. +allow hal_sensors_default mnt_vendor_file:dir search; +allow hal_sensors_default persist_file:dir search; +allow hal_sensors_default persist_file:file r_file_perms; +allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms; +allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; +r_dir_file(hal_sensors_default, persist_camera_file) + +# Allow creation and writing of sensor registry data files. +allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; +allow hal_sensors_default sensor_reg_data_file:file create_file_perms; + +# Allow access to the sysfs_aoc. +allow hal_sensors_default sysfs_aoc:dir search; +allow hal_sensors_default sysfs_aoc:file r_file_perms; + +# Allow access to the AoC clock and kernel boot time sys FS node. This is needed +# to synchronize the AP and AoC clock timestamps. +allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms; + +# Allow display_info_service access to the backlight driver. +allow hal_sensors_default sysfs_write_leds:file rw_file_perms; + +# Allow access to sensor service for sensor_listener. +binder_call(hal_sensors_default, system_server); + +# Allow access for dynamic sensor properties. +get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) + +# Allow access to the display info for ALS. +allow hal_sensors_default sysfs_display:file rw_file_perms; + +# Allow access to the files of CDT information. +allow hal_sensors_default sysfs_chosen:dir search; +allow hal_sensors_default sysfs_chosen:file r_file_perms; + +# Allow display_info_service access to the backlight driver. +allow hal_sensors_default sysfs_leds:dir search; +allow hal_sensors_default sysfs_leds:file r_file_perms; diff --git a/vendor/hal_thermal_default.te b/vendor/hal_thermal_default.te new file mode 100644 index 0000000..a573a2a --- /dev/null +++ b/vendor/hal_thermal_default.te @@ -0,0 +1,2 @@ +r_dir_file(hal_thermal_default, sysfs_iio_devices) +r_dir_file(hal_thermal_default, sysfs_odpm) diff --git a/vendor/hal_usb_gadget_impl.te b/vendor/hal_usb_gadget_impl.te new file mode 100644 index 0000000..2b1494f --- /dev/null +++ b/vendor/hal_usb_gadget_impl.te @@ -0,0 +1,20 @@ +type hal_usb_gadget_impl, domain; +hal_server_domain(hal_usb_gadget_impl, hal_usb) +hal_server_domain(hal_usb_gadget_impl, hal_usb_gadget) + +type hal_usb_gadget_impl_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_usb_gadget_impl) + +allow hal_usb_gadget_impl configfs:dir { create rmdir }; +allow hal_usb_gadget_impl functionfs:dir { watch watch_reads }; +set_prop(hal_usb_gadget_impl, vendor_usb_config_prop) + +# parser the number of dwc3 irq +allow hal_usb_gadget_impl proc_interrupts:file r_file_perms; + +# change irq to other cores +allow hal_usb_gadget_impl proc_irq:dir r_dir_perms; +allow hal_usb_gadget_impl proc_irq:file w_file_perms; + +allow hal_usb_gadget_impl sysfs_batteryinfo:dir r_dir_perms; +allow hal_usb_gadget_impl sysfs_batteryinfo:file rw_file_perms; diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te new file mode 100644 index 0000000..15d74c5 --- /dev/null +++ b/vendor/hal_usb_impl.te @@ -0,0 +1,16 @@ +type hal_usb_impl, domain; + +type hal_usb_impl_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_usb_impl) +hal_server_domain(hal_usb_impl, hal_usb) +hal_server_domain(hal_usb_impl, hal_usb_gadget) + +allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; +allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; + +# Needed for monitoring usb port temperature +allow hal_usb_impl self:capability2 wake_alarm; +wakelock_use(hal_usb_impl); + +# For interfacing with ThermalHAL +hal_client_domain(hal_usb_impl, hal_thermal); diff --git a/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te new file mode 100644 index 0000000..06a67d0 --- /dev/null +++ b/vendor/hal_uwb_vendor_default.te @@ -0,0 +1,5 @@ +type hal_uwb_vendor_default, domain; +type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; +allow hal_uwb_default uci_device:chr_file rw_file_perms; +init_daemon_domain(hal_uwb_vendor_default) + diff --git a/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te new file mode 100644 index 0000000..9b52d7a --- /dev/null +++ b/vendor/hal_wifi_ext.te @@ -0,0 +1,9 @@ +# Allow wifi_ext to report callbacks to gril-service app +binder_call(hal_wifi_ext, grilservice_app) + +# Write wlan driver/fw version into property +set_prop(hal_wifi_ext, vendor_wifi_version) + +# Allow wifi_ext to read and write /data/vendor/firmware/wifi +allow hal_wifi_ext updated_wifi_firmware_data_file:dir rw_dir_perms; +allow hal_wifi_ext updated_wifi_firmware_data_file:file create_file_perms; diff --git a/vendor/hal_wireless_charger.te b/vendor/hal_wireless_charger.te new file mode 100644 index 0000000..17d704d --- /dev/null +++ b/vendor/hal_wireless_charger.te @@ -0,0 +1,7 @@ +type hal_wireless_charger, domain; +type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type; + +allow hal_wireless_charger dumpstate:fd use; +allow hal_wireless_charger dumpstate:fifo_file rw_file_perms; + +binder_call(hal_wireless_charger, systemui_app) \ No newline at end of file diff --git a/vendor/hwservice.te b/vendor/hwservice.te new file mode 100644 index 0000000..68b8dd7 --- /dev/null +++ b/vendor/hwservice.te @@ -0,0 +1,2 @@ +# Fingerprint +type hal_fingerprint_ext_hwservice, hwservice_manager_type; diff --git a/vendor/hwservice_contexts b/vendor/hwservice_contexts new file mode 100644 index 0000000..9f86e04 --- /dev/null +++ b/vendor/hwservice_contexts @@ -0,0 +1,2 @@ +# Fingerprint +vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0 diff --git a/vendor/init.te b/vendor/init.te new file mode 100644 index 0000000..3d0a8f9 --- /dev/null +++ b/vendor/init.te @@ -0,0 +1,13 @@ +allow init mnt_vendor_file:dir mounton; +allow init custom_ab_block_device:lnk_file relabelto; + +# This is needed for chaining a boot partition vbmeta +# descriptor, where init will probe the boot partition +# to read the chained vbmeta in the first-stage, then +# relabel /dev/block/by-name/boot_[a|b] to block_device +# after loading sepolicy in the second stage. +allow init boot_block_device:lnk_file relabelto; + +allow init persist_file:dir mounton; +allow init ram_device:blk_file w_file_perms; + diff --git a/vendor/insmod-sh.te b/vendor/insmod-sh.te new file mode 100644 index 0000000..e09c248 --- /dev/null +++ b/vendor/insmod-sh.te @@ -0,0 +1,2 @@ +allow insmod-sh self:capability sys_nice; +allow insmod-sh kernel:process setsched; diff --git a/vendor/kernel.te b/vendor/kernel.te new file mode 100644 index 0000000..0f2e18e --- /dev/null +++ b/vendor/kernel.te @@ -0,0 +1,15 @@ +allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +allow kernel vendor_regmap_debugfs:dir search; diff --git a/vendor/keys.conf b/vendor/keys.conf new file mode 100644 index 0000000..503d1f0 --- /dev/null +++ b/vendor/keys.conf @@ -0,0 +1,8 @@ +[@GOOGLE] +ALL : device/google/zumapro-sepolicy/vendor/certs/app.x509.pem + +[@CAMERAENG] +ALL : device/google/zumapro-sepolicy/vendor/certs/camera_eng.x509.pem + +[@CAMERAFISHFOOD] +ALL : device/google/zumapro-sepolicy/vendor/certs/camera_fishfood.x509.pem diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml new file mode 100644 index 0000000..8e8c3c2 --- /dev/null +++ b/vendor/mac_permissions.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + diff --git a/vendor/mediacodec_google.te b/vendor/mediacodec_google.te new file mode 100644 index 0000000..1c6413a --- /dev/null +++ b/vendor/mediacodec_google.te @@ -0,0 +1,35 @@ +type mediacodec_google, domain; +type mediacodec_google_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(mediacodec_google) + +vndbinder_use(mediacodec_google) + +hal_server_domain(mediacodec_google, hal_codec2) + +# mediacodec_google may use an input surface from a different Codec2 service +hal_client_domain(mediacodec_google, hal_codec2) + +hal_client_domain(mediacodec_google, hal_graphics_allocator) + +allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; +allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow mediacodec_google video_device:chr_file rw_file_perms; +allow mediacodec_google gpu_device:chr_file rw_file_perms; + +crash_dump_fallback(mediacodec_google) + +# mediacodec_google should never execute any executable without a domain transition +neverallow mediacodec_google { file_type fs_type }:file execute_no_trans; + +# Media processing code is inherently risky and thus should have limited +# permissions and be isolated from the rest of the system and network. +# Lengthier explanation here: +# https://android-developers.googleblog.com/2016/05/hardening-media-stack.html +neverallow mediacodec_google domain:{ udp_socket rawip_socket } *; +neverallow mediacodec_google { domain userdebug_or_eng(`-su') }:tcp_socket *; + +userdebug_or_eng(` + allow mediacodec_google vendor_media_data_file:dir rw_dir_perms; + allow mediacodec_google vendor_media_data_file:file create_file_perms; +') diff --git a/vendor/ofl_app.te b/vendor/ofl_app.te new file mode 100644 index 0000000..69e166a --- /dev/null +++ b/vendor/ofl_app.te @@ -0,0 +1,17 @@ +# OFLBasicAgent app + +type ofl_app, domain; + +userdebug_or_eng(` + app_domain(ofl_app) + net_domain(ofl_app) + + allow ofl_app app_api_service:service_manager find; + allow ofl_app nfc_service:service_manager find; + allow ofl_app radio_service:service_manager find; + allow ofl_app surfaceflinger_service:service_manager find; + + # Access to directly update firmware on st54spi_device + typeattribute st54spi_device mlstrustedobject; + allow ofl_app st54spi_device:chr_file rw_file_perms; +') \ No newline at end of file diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te new file mode 100644 index 0000000..7320d00 --- /dev/null +++ b/vendor/pixeldisplayservice_app.te @@ -0,0 +1,14 @@ +type pixeldisplayservice_app, domain, coredomain; + +app_domain(pixeldisplayservice_app); + +allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; +allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; + +allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; +binder_call(pixeldisplayservice_app, hal_graphics_composer_default) + +# Standard system services +allow pixeldisplayservice_app app_api_service:service_manager find; + +allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te new file mode 100644 index 0000000..18a1472 --- /dev/null +++ b/vendor/pixelstats_vendor.te @@ -0,0 +1,23 @@ +# Batery history +allow pixelstats_vendor battery_history_device:chr_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); + +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) +allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; + +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; + +# PCIe Link Statistics +allow pixelstats_vendor sysfs_pcie:dir search; +allow pixelstats_vendor sysfs_pcie:file rw_file_perms; + +allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; diff --git a/vendor/platform_app.te b/vendor/platform_app.te new file mode 100644 index 0000000..f0586f3 --- /dev/null +++ b/vendor/platform_app.te @@ -0,0 +1,3 @@ +# WLC +allow platform_app hal_wireless_charger_service:service_manager find; +binder_call(platform_app, hal_wireless_charger) diff --git a/vendor/property.te b/vendor/property.te new file mode 100644 index 0000000..ed6caac --- /dev/null +++ b/vendor/property.te @@ -0,0 +1,12 @@ +# Fingerprint +vendor_internal_prop(vendor_fingerprint_prop) + +# Battery +vendor_internal_prop(vendor_battery_defender_prop) +vendor_internal_prop(vendor_shutdown_prop) + +# USB +vendor_internal_prop(vendor_usb_config_prop) + +# Dynamic sensor +vendor_internal_prop(vendor_dynamic_sensor_prop) diff --git a/vendor/property_contexts b/vendor/property_contexts new file mode 100644 index 0000000..2d469d5 --- /dev/null +++ b/vendor/property_contexts @@ -0,0 +1,19 @@ +# Camera +persist.vendor.camera. u:object_r:vendor_camera_prop:s0 +vendor.camera. u:object_r:vendor_camera_prop:s0 +vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 + +# Fingerprint +vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 +vendor.gf. u:object_r:vendor_fingerprint_prop:s0 + +# Battery +vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 +persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 + +# USB +persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0 +vendor.usb. u:object_r:vendor_usb_config_prop:s0 + +# Dynamic sensor +vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 diff --git a/vendor/ramdump_app.te b/vendor/ramdump_app.te new file mode 100644 index 0000000..308e9fb --- /dev/null +++ b/vendor/ramdump_app.te @@ -0,0 +1,24 @@ +type ramdump_app, domain; + +userdebug_or_eng(` + app_domain(ramdump_app) + + allow ramdump_app app_api_service:service_manager find; + + allow ramdump_app ramdump_vendor_data_file:file create_file_perms; + allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms; + + set_prop(ramdump_app, vendor_ramdump_prop) + get_prop(ramdump_app, system_boot_reason_prop) + + # To access ramdumpfs. + allow ramdump_app mnt_vendor_file:dir search; + allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms; + allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms; + + # To access subsystem ramdump files and dirs. + allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; + allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; + allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; + allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms; +') diff --git a/vendor/rlsservice.te b/vendor/rlsservice.te new file mode 100644 index 0000000..186471a --- /dev/null +++ b/vendor/rlsservice.te @@ -0,0 +1,32 @@ +type rlsservice, domain; +type rlsservice_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(rlsservice) +vndbinder_use(rlsservice) +add_service(rlsservice, rls_service) + +# access rainbow sensor calibration files +allow rlsservice persist_file:dir search; +allow rlsservice persist_camera_file:dir search; +allow rlsservice persist_camera_file:file r_file_perms; +allow rlsservice mnt_vendor_file:dir search; + +# access device files +allow rlsservice rls_device:chr_file rw_file_perms; + +binder_call(rlsservice, hal_camera_default) + +# Allow access to display backlight information +allow rlsservice sysfs_leds:dir search; +allow rlsservice sysfs_leds:file r_file_perms; + +# Allow access to always-on compute device node +allow rlsservice device:dir r_file_perms; +allow rlsservice aoc_device:chr_file rw_file_perms; + +# For observing apex file changes +allow rlsservice apex_info_file:file r_file_perms; + +# Allow read camera property +get_prop(rlsservice, vendor_camera_prop); + diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts new file mode 100644 index 0000000..8f5eea1 --- /dev/null +++ b/vendor/seapp_contexts @@ -0,0 +1,38 @@ +# Domain for EuiccSupportPixel +user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all + +# coredump/ramdump +user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all + +# Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade +user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.omapi_agent domain=ofl_app type=app_data_file levelFrom=user + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# PixelDisplayService +user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all + +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all + +# Qorvo UWB system app +# TODO(b/222204912): Should this run under uwb user? +user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all + +# CccDkTimeSyncService +user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all + +# SystemUI +user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all +user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all + diff --git a/vendor/service.te b/vendor/service.te new file mode 100644 index 0000000..85b1745 --- /dev/null +++ b/vendor/service.te @@ -0,0 +1,6 @@ +type hal_pixel_display_service, service_manager_type, hal_service_type; + +# WLC +type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; + +type arm_mali_platform_service, app_api_service, service_manager_type; diff --git a/vendor/service_contexts b/vendor/service_contexts new file mode 100644 index 0000000..ffa2639 --- /dev/null +++ b/vendor/service_contexts @@ -0,0 +1,5 @@ +com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 + +vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 + +arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0 diff --git a/vendor/shell.te b/vendor/shell.te new file mode 100644 index 0000000..adc4eb6 --- /dev/null +++ b/vendor/shell.te @@ -0,0 +1,2 @@ +# wlc +dontaudit shell sysfs_wlc:dir search; \ No newline at end of file diff --git a/vendor/surfaceflinger.te b/vendor/surfaceflinger.te new file mode 100644 index 0000000..403734e --- /dev/null +++ b/vendor/surfaceflinger.te @@ -0,0 +1 @@ +allow surfaceflinger arm_mali_platform_service:service_manager find; diff --git a/vendor/system_app.te b/vendor/system_app.te new file mode 100644 index 0000000..4677e98 --- /dev/null +++ b/vendor/system_app.te @@ -0,0 +1,3 @@ +# WLC +allow system_app hal_wireless_charger_service:service_manager find; +binder_call(system_app, hal_wireless_charger) diff --git a/vendor/system_server.te b/vendor/system_server.te new file mode 100644 index 0000000..853e3cf --- /dev/null +++ b/vendor/system_server.te @@ -0,0 +1,5 @@ +# Allow system server to send sensor data callbacks to GPS +binder_call(system_server, gpsd); +binder_call(system_server, hal_camera_default); + +allow system_server arm_mali_platform_service:service_manager find; diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te new file mode 100644 index 0000000..312d8c8 --- /dev/null +++ b/vendor/systemui_app.te @@ -0,0 +1,24 @@ +type systemui_app, domain, coredomain; +app_domain(systemui_app) +allow systemui_app app_api_service:service_manager find; +allow systemui_app network_score_service:service_manager find; +allow systemui_app overlay_service:service_manager find; +allow systemui_app color_display_service:service_manager find; +allow systemui_app audioserver_service:service_manager find; +allow systemui_app cameraserver_service:service_manager find; +allow systemui_app mediaserver_service:service_manager find; +allow systemui_app radio_service:service_manager find; + +get_prop(systemui_app, keyguard_config_prop) +set_prop(systemui_app, bootanim_system_prop) + +allow systemui_app pixel_battery_service_type:service_manager find; +binder_call(systemui_app, pixel_battery_domain) + +allow systemui_app screen_protector_detector_service:service_manager find; +allow systemui_app touch_context_service:service_manager find; +binder_call(systemui_app, twoshay) + +# WLC +allow systemui_app hal_wireless_charger_service:service_manager find; +binder_call(systemui_app, hal_wireless_charger) diff --git a/vendor/tcpdump_logger.te b/vendor/tcpdump_logger.te new file mode 100644 index 0000000..1018104 --- /dev/null +++ b/vendor/tcpdump_logger.te @@ -0,0 +1,5 @@ +type tcpdump_logger, domain; +type tcpdump_logger_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(tcpdump_logger) + diff --git a/vendor/tee.te b/vendor/tee.te new file mode 100644 index 0000000..67509b8 --- /dev/null +++ b/vendor/tee.te @@ -0,0 +1,17 @@ +# Handle wake locks +wakelock_use(tee) + +allow tee persist_ss_file:file create_file_perms; +allow tee persist_ss_file:dir create_dir_perms; +allow tee persist_file:dir r_dir_perms; +allow tee mnt_vendor_file:dir r_dir_perms; +allow tee tee_data_file:dir rw_dir_perms; +allow tee tee_data_file:lnk_file r_file_perms; +allow tee sg_device:chr_file rw_file_perms; +allow tee tee_persist_block_device:blk_file rw_file_perms; +allow tee block_device:dir search; + +# Allow storageproxyd access to gsi_public_metadata_file +read_fstab(tee) + +set_prop(tee, vendor_trusty_storage_prop) diff --git a/vendor/toolbox.te b/vendor/toolbox.te new file mode 100644 index 0000000..9fbbb7a --- /dev/null +++ b/vendor/toolbox.te @@ -0,0 +1,3 @@ +allow toolbox ram_device:blk_file rw_file_perms; +allow toolbox per_boot_file:dir create_dir_perms; +allow toolbox per_boot_file:file create_file_perms; diff --git a/vendor/trusty_apploader.te b/vendor/trusty_apploader.te new file mode 100644 index 0000000..983e3a0 --- /dev/null +++ b/vendor/trusty_apploader.te @@ -0,0 +1,7 @@ +type trusty_apploader, domain; +type trusty_apploader_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(trusty_apploader) + +allow trusty_apploader ion_device:chr_file r_file_perms; +allow trusty_apploader tee_device:chr_file rw_file_perms; +allow trusty_apploader dmabuf_system_heap_device:chr_file r_file_perms; diff --git a/vendor/trusty_metricsd.te b/vendor/trusty_metricsd.te new file mode 100644 index 0000000..63fc85b --- /dev/null +++ b/vendor/trusty_metricsd.te @@ -0,0 +1,11 @@ +type trusty_metricsd, domain; +type trusty_metricsd_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(trusty_metricsd) + +allow trusty_metricsd tee_device:chr_file rw_file_perms; + +# For Suez metrics collection +binder_use(trusty_metricsd) +binder_call(trusty_metricsd, system_server) +allow trusty_metricsd fwk_stats_service:service_manager find; diff --git a/vendor/twoshay.te b/vendor/twoshay.te new file mode 100644 index 0000000..09cc98e --- /dev/null +++ b/vendor/twoshay.te @@ -0,0 +1,2 @@ +# Allow ITouchContextService callback +binder_call(twoshay, systemui_app) diff --git a/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te new file mode 100644 index 0000000..04e532e --- /dev/null +++ b/vendor/ufs_firmware_update.te @@ -0,0 +1,12 @@ +type ufs_firmware_update, domain; +type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; + +userdebug_or_eng(` + init_daemon_domain(ufs_firmware_update) + + allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans; + allow ufs_firmware_update block_device:dir r_dir_perms; + allow ufs_firmware_update ufs_internal_block_device:blk_file rw_file_perms; + allow ufs_firmware_update sysfs:dir r_dir_perms; + allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms; +') diff --git a/vendor/update_engine.te b/vendor/update_engine.te new file mode 100644 index 0000000..b4f3cf8 --- /dev/null +++ b/vendor/update_engine.te @@ -0,0 +1,2 @@ +allow update_engine custom_ab_block_device:blk_file rw_file_perms; +allow update_engine modem_block_device:blk_file rw_file_perms; diff --git a/vendor/uwb_vendor_app.te b/vendor/uwb_vendor_app.te new file mode 100644 index 0000000..d249d36 --- /dev/null +++ b/vendor/uwb_vendor_app.te @@ -0,0 +1,4 @@ +type uwb_vendor_app, domain; + +app_domain(uwb_vendor_app) + diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te new file mode 100644 index 0000000..646aa0f --- /dev/null +++ b/vendor/vendor_init.te @@ -0,0 +1,31 @@ +# Fingerprint property +set_prop(vendor_init, vendor_fingerprint_prop) +# Battery harness mode property +set_prop(vendor_init, vendor_battery_defender_prop) + +set_prop(vendor_init, logpersistd_logging_prop) + +allow vendor_init proc_dirty:file w_file_perms; +allow vendor_init proc_sched:file w_file_perms; +allow vendor_init sg_device:chr_file r_file_perms; +allow vendor_init bootdevice_sysdev:file create_file_perms; +allow vendor_init modem_img_file:filesystem { getattr }; + +userdebug_or_eng(` +allow vendor_init vendor_init:lockdown { integrity }; +') + +# Camera vendor property +set_prop(vendor_init, vendor_camera_prop) + +# NFC vendor property +set_prop(vendor_init, vendor_nfc_prop) +# SecureElement vendor property +set_prop(vendor_init, vendor_secure_element_prop) + +# USB property +set_prop(vendor_init, vendor_usb_config_prop) + +# Mali +set_prop(vendor_init, vendor_arm_runtime_option_prop) +set_prop(vendor_init, vendor_ssrdump_prop) diff --git a/vendor/vendor_uwb_init.te b/vendor/vendor_uwb_init.te new file mode 100644 index 0000000..5216019 --- /dev/null +++ b/vendor/vendor_uwb_init.te @@ -0,0 +1,4 @@ +type vendor_uwb_init, domain; +type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; + +init_daemon_domain(vendor_uwb_init) diff --git a/vendor/vndservice.te b/vendor/vndservice.te new file mode 100644 index 0000000..12a4819 --- /dev/null +++ b/vendor/vndservice.te @@ -0,0 +1 @@ +type vendor_surfaceflinger_vndservice, vndservice_manager_type; diff --git a/vendor/vndservice_contexts b/vendor/vndservice_contexts new file mode 100644 index 0000000..4f9f5a7 --- /dev/null +++ b/vendor/vndservice_contexts @@ -0,0 +1 @@ +Exynos.HWCService u:object_r:vendor_surfaceflinger_vndservice:s0 diff --git a/vendor/wifi_sniffer.te b/vendor/wifi_sniffer.te new file mode 100644 index 0000000..1faffce --- /dev/null +++ b/vendor/wifi_sniffer.te @@ -0,0 +1,4 @@ +userdebug_or_eng(` +allow wifi_sniffer sysfs_wifi:dir search; +allow wifi_sniffer sysfs_wifi:file rw_file_perms; +') diff --git a/widevine/file.te b/widevine/file.te new file mode 100644 index 0000000..a1e4e0e --- /dev/null +++ b/widevine/file.te @@ -0,0 +1,3 @@ +# Widevine DRM +type mediadrm_vendor_data_file, file_type, data_file_type; + diff --git a/widevine/file_contexts b/widevine/file_contexts new file mode 100644 index 0000000..92aed3c --- /dev/null +++ b/widevine/file_contexts @@ -0,0 +1,5 @@ +/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0 +/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 + +# Data +/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 diff --git a/widevine/hal_drm_clearkey.te b/widevine/hal_drm_clearkey.te new file mode 100644 index 0000000..0e0a5c2 --- /dev/null +++ b/widevine/hal_drm_clearkey.te @@ -0,0 +1,5 @@ +type hal_drm_clearkey, domain; +type hal_drm_clearkey_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_drm_clearkey) + +hal_server_domain(hal_drm_clearkey, hal_drm) diff --git a/widevine/hal_drm_widevine.te b/widevine/hal_drm_widevine.te new file mode 100644 index 0000000..1ecfa92 --- /dev/null +++ b/widevine/hal_drm_widevine.te @@ -0,0 +1,12 @@ +type hal_drm_widevine, domain; +type hal_drm_widevine_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(hal_drm_widevine) + +hal_server_domain(hal_drm_widevine, hal_drm) + +# L3 +allow hal_drm_widevine mediadrm_vendor_data_file:file create_file_perms; +allow hal_drm_widevine mediadrm_vendor_data_file:dir create_dir_perms; + +# L1 +allow hal_drm_widevine dmabuf_system_heap_device:chr_file r_file_perms; diff --git a/widevine/service_contexts b/widevine/service_contexts new file mode 100644 index 0000000..6989dde --- /dev/null +++ b/widevine/service_contexts @@ -0,0 +1 @@ +android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk new file mode 100644 index 0000000..a5757bf --- /dev/null +++ b/zumapro-sepolicy.mk @@ -0,0 +1,23 @@ +# sepolicy that are shared among devices using zumapro +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/vendor +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/radio +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/radio/private + +# unresolved SELinux error log with bug tracking +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/tracking_denials + +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/private + +# system_ext +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/public +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/private + +# PowerStats HAL +BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats + +# To be reviewed and removed. +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private + From d9e2e6aae986fd7ae293365058066e40aba00a1b Mon Sep 17 00:00:00 2001 From: Robin Peng Date: Tue, 11 Apr 2023 10:25:55 +0000 Subject: [PATCH 003/321] Sync with device/google/zuma-sepolicy cfa00dfc881e3 Bug: 272725898 Change-Id: I9125ed760c0b4c688cf37720f5d4a744f2484be7 --- private/vendor_init.te | 2 ++ radio/hal_radioext_default.te | 6 +++++ radio/keys.conf | 2 +- radio/property.te | 3 ++- radio/property_contexts | 2 +- tracking_denials/bug_map | 4 ++-- tracking_denials/dumpstate.te | 2 ++ tracking_denials/gmscore_app.te | 10 -------- tracking_denials/google_camera_app.te | 30 ++++-------------------- tracking_denials/hal_radioext_default.te | 2 ++ tracking_denials/logd.te | 7 ------ tracking_denials/systemui.te | 4 ---- vendor/file_contexts | 2 +- vendor/google_camera_app.te | 7 ++++++ vendor/hal_bootctl_default.te | 1 + vendor/hal_camera_default.te | 4 ++++ vendor/logd.te | 4 ++++ vendor/property.te | 1 + vendor/property_contexts | 1 + vendor/twoshay.te | 2 ++ 20 files changed, 43 insertions(+), 53 deletions(-) create mode 100644 private/vendor_init.te create mode 100644 tracking_denials/dumpstate.te delete mode 100644 tracking_denials/gmscore_app.te create mode 100644 tracking_denials/hal_radioext_default.te delete mode 100644 tracking_denials/logd.te delete mode 100644 tracking_denials/systemui.te create mode 100644 vendor/logd.te diff --git a/private/vendor_init.te b/private/vendor_init.te new file mode 100644 index 0000000..812f9e1 --- /dev/null +++ b/private/vendor_init.te @@ -0,0 +1,2 @@ +# b/277300125 +dontaudit vendor_init device_config_configuration_prop:property_service { set }; diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te index bbdd2a0..6e17e19 100644 --- a/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -19,3 +19,9 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; + +# Twoshay +binder_use(hal_radioext_default) +allow hal_radioext_default gril_antenna_tuning_service:service_manager find; +binder_call(hal_radioext_default, gril_antenna_tuning_service) +binder_call(hal_radioext_default, twoshay) diff --git a/radio/keys.conf b/radio/keys.conf index 4784c60..45db97d 100644 --- a/radio/keys.conf +++ b/radio/keys.conf @@ -1,3 +1,3 @@ [@MDS] -ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem +ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem diff --git a/radio/property.te b/radio/property.te index b2027e5..25d9454 100644 --- a/radio/property.te +++ b/radio/property.te @@ -1,3 +1,4 @@ +# P24 vendor properties vendor_internal_prop(vendor_carrier_prop) vendor_internal_prop(vendor_cbd_prop) vendor_internal_prop(vendor_slog_prop) @@ -9,8 +10,8 @@ vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_imssvc_prop) vendor_internal_prop(vendor_gps_prop) -vendor_internal_prop(vendor_logger_prop) vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app vendor_internal_prop(vendor_telephony_app_prop) + diff --git a/radio/property_contexts b/radio/property_contexts index 602b411..0cad5bc 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -20,7 +20,6 @@ persist.vendor.config. u:object_r:vendor_persist_config_defa # for logger app vendor.pixellogger. u:object_r:vendor_logger_prop:s0 persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0 -persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0 # Modem persist.vendor.modem. u:object_r:vendor_modem_prop:s0 @@ -57,3 +56,4 @@ persist.vendor.gps. u:object_r:vendor_gps_prop:s0 # Tcpdump_logger persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 + diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 8903cdd..8af6ec0 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -21,8 +21,6 @@ hal_dumpstate_default vendor_tcpdump_log_prop file b/273638940 hal_power_default sysfs file b/273638876 hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151 hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151 -hal_thermal_default sysfs file b/272166722 -hal_thermal_default sysfs file b/272166987 hal_uwb_default debugfs file b/273639365 incidentd apex_art_data_file file b/272628762 incidentd incidentd anon_inode b/274374992 @@ -49,6 +47,8 @@ untrusted_app default_android_service service_manager b/264599934 vendor_init device_config_configuration_prop property_service b/267714573 vendor_init device_config_configuration_prop property_service b/268566481 vendor_init device_config_configuration_prop property_service b/273143844 +vendor_init device_config_configuration_prop property_service b/275645636 +vendor_init device_config_configuration_prop property_service b/275646003 vendor_init tee_data_file lnk_file b/267714573 vendor_init tee_data_file lnk_file b/272166664 vendor_init vendor_camera_prop property_service b/267714573 diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..3313642 --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155496 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/gmscore_app.te b/tracking_denials/gmscore_app.te deleted file mode 100644 index a5a791b..0000000 --- a/tracking_denials/gmscore_app.te +++ /dev/null @@ -1,10 +0,0 @@ -# b/259302023 -dontaudit gmscore_app property_type:file *; -# b/260365725 -dontaudit gmscore_app property_type:file *; -# b/260522434 -dontaudit gmscore_app modem_img_file:filesystem { getattr }; -# b/264489521 -userdebug_or_eng(` - permissive gmscore_app; -') diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te index 84c0aca..b6994f9 100644 --- a/tracking_denials/google_camera_app.te +++ b/tracking_denials/google_camera_app.te @@ -1,29 +1,7 @@ -# b/262455755 -dontaudit google_camera_app activity_service:service_manager { find }; -dontaudit google_camera_app cameraserver_service:service_manager { find }; -dontaudit google_camera_app content_capture_service:service_manager { find }; -dontaudit google_camera_app device_state_service:service_manager { find }; -dontaudit google_camera_app edgetpu_app_service:service_manager { find }; -dontaudit google_camera_app edgetpu_device:chr_file { ioctl }; -dontaudit google_camera_app edgetpu_device:chr_file { map }; -dontaudit google_camera_app edgetpu_device:chr_file { read write }; -dontaudit google_camera_app fwk_stats_service:service_manager { find }; -dontaudit google_camera_app game_service:service_manager { find }; -dontaudit google_camera_app mediaserver_service:service_manager { find }; -dontaudit google_camera_app netstats_service:service_manager { find }; -dontaudit google_camera_app sensorservice_service:service_manager { find }; -dontaudit google_camera_app surfaceflinger_service:service_manager { find }; -dontaudit google_camera_app thermal_service:service_manager { find }; # b/264490031 userdebug_or_eng(` permissive google_camera_app; -')# b/264483456 -dontaudit google_camera_app backup_service:service_manager { find }; -# b/264600171 -dontaudit google_camera_app audio_service:service_manager { find }; -dontaudit google_camera_app legacy_permission_service:service_manager { find }; -dontaudit google_camera_app permission_checker_service:service_manager { find }; -# b/265220235 -dontaudit google_camera_app virtual_device_service:service_manager { find }; -# b/267843408 -dontaudit google_camera_app device_policy_service:service_manager { find }; +') +# b/277300017 +dontaudit google_camera_app cameraserver_service:service_manager { find }; +dontaudit google_camera_app mediaserver_service:service_manager { find }; diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te new file mode 100644 index 0000000..d37fc60 --- /dev/null +++ b/tracking_denials/hal_radioext_default.te @@ -0,0 +1,2 @@ +# b/275646098 +dontaudit hal_radioext_default service_manager_type:service_manager find; diff --git a/tracking_denials/logd.te b/tracking_denials/logd.te deleted file mode 100644 index ab19623..0000000 --- a/tracking_denials/logd.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/261105354 -dontaudit logd trusty_log_device:chr_file { open }; -dontaudit logd trusty_log_device:chr_file { read }; -# b/264489639 -userdebug_or_eng(` - permissive logd; -') \ No newline at end of file diff --git a/tracking_denials/systemui.te b/tracking_denials/systemui.te deleted file mode 100644 index 3159dd9..0000000 --- a/tracking_denials/systemui.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264266705 -userdebug_or_eng(` - permissive systemui_app; -') diff --git a/vendor/file_contexts b/vendor/file_contexts index f08be98..0a24947 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -163,5 +163,5 @@ /dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/vframe-secure u:object_r:video_secure_heap_device:s0 /dev/dma_heap/vscaler-secure u:object_r:video_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:video_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/uci u:object_r:uci_device:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index b4ba6c1..9c233fe 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -6,3 +6,10 @@ allow google_camera_app gxp_device:chr_file rw_file_perms; # Allows camera app to access the PowerHAL. hal_client_domain(google_camera_app, hal_power) + +# Allow camera app to access the a subset of app services. +allow google_camera_app app_api_service:service_manager find; + +# Allows GCA to access the EdgeTPU device. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te index fe017f9..2db4651 100644 --- a/vendor/hal_bootctl_default.te +++ b/vendor/hal_bootctl_default.te @@ -1,3 +1,4 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; +allow hal_bootctl_default tee_device:chr_file rw_file_perms; diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 7acd698..666ad73 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -14,6 +14,10 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms; allow hal_camera_default edgetpu_device:chr_file rw_file_perms; allow hal_camera_default edgetpu_vendor_service:service_manager find; binder_call(hal_camera_default, edgetpu_vendor_server) +# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging +# library has a dependency on edgetpu_app_service, see b/275016466. +allow hal_camera_default edgetpu_app_service:service_manager find; +binder_call(hal_camera_default, edgetpu_app_server) # Allow access to data files used by the camera HAL allow hal_camera_default mnt_vendor_file:dir search; diff --git a/vendor/logd.te b/vendor/logd.te new file mode 100644 index 0000000..ca969d8 --- /dev/null +++ b/vendor/logd.te @@ -0,0 +1,4 @@ +r_dir_file(logd, logbuffer_device) +allow logd logbuffer_device:chr_file r_file_perms; +allow logd trusty_log_device:chr_file r_file_perms; + diff --git a/vendor/property.te b/vendor/property.te index ed6caac..a7450c3 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -10,3 +10,4 @@ vendor_internal_prop(vendor_usb_config_prop) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) + diff --git a/vendor/property_contexts b/vendor/property_contexts index 2d469d5..b020540 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -17,3 +17,4 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 + diff --git a/vendor/twoshay.te b/vendor/twoshay.te index 09cc98e..219619a 100644 --- a/vendor/twoshay.te +++ b/vendor/twoshay.te @@ -1,2 +1,4 @@ # Allow ITouchContextService callback binder_call(twoshay, systemui_app) + +binder_call(twoshay, hal_radioext_default) From bc5690cd84248009bd6b46ea541296eabb434c1f Mon Sep 17 00:00:00 2001 From: Minchan Kim Date: Tue, 11 Apr 2023 21:56:34 +0000 Subject: [PATCH 004/321] remove dump_cma.sh We will introduce it into gs-common Bug: 276901078 Change-Id: I395e3ca45a3ad4aa346e56fd8746ffc70ae94107 Signed-off-by: Minchan Kim --- vendor/dump_cma.te | 7 ------- vendor/file.te | 1 - vendor/file_contexts | 1 - vendor/genfs_contexts | 1 - 4 files changed, 10 deletions(-) diff --git a/vendor/dump_cma.te b/vendor/dump_cma.te index bf5edf2..e69de29 100644 --- a/vendor/dump_cma.te +++ b/vendor/dump_cma.te @@ -1,7 +0,0 @@ -pixel_bugreport(dump_cma) - -userdebug_or_eng(` - allow dump_cma vendor_toolbox_exec:file execute_no_trans; - allow dump_cma vendor_cma_debugfs:dir r_dir_perms; - allow dump_cma vendor_cma_debugfs:file r_file_perms; -') diff --git a/vendor/file.te b/vendor/file.te index cf4ad9f..6560298 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -23,7 +23,6 @@ type vendor_battery_debugfs, fs_type, debugfs_type; type vendor_pm_genpd_debugfs, fs_type, debugfs_type; type vendor_usb_debugfs, fs_type, debugfs_type; type vendor_maxfg_debugfs, fs_type, debugfs_type; -type vendor_cma_debugfs, fs_type, debugfs_type; # WLC type sysfs_wlc, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index f08be98..c81c043 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -14,7 +14,6 @@ /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 /vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 5acd7ba..6c42219 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -24,7 +24,6 @@ genfscon debugfs /google_battery u:object genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /cma u:object_r:vendor_cma_debugfs:s0 # Extcon genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 From 129741a26906259128da1f223da611a994a6f8d1 Mon Sep 17 00:00:00 2001 From: Ankit Goyal Date: Wed, 19 Apr 2023 11:50:47 -0700 Subject: [PATCH 005/321] Mark video secure devices as default dmabuf heaps Mali driver (and codec HAL as well) require direct access to video secure dmabuf devices. Mali driver being an SP-HAL cannot explicitly write blanket rules for all the scontext. So, we piggyback on dmabuf_system_secure_heap_device to allow all scontext to be able to use these device nodes. This is just as secure as dmabuf_system_secure_heap_device in that case. There is no additional security impact. An app can still use gralloc to allocate buffers from these heaps and disallowing access to these heaps to the intended users. Bug: 278513588 Test: Trusting result of ag/22743596 (no zumapro device yet) Change-Id: I2fd77e6694cdd4d1e51c9f01f4ae2b9f9670cea0 --- vendor/device.te | 2 +- vendor/file_contexts | 4 ++-- vendor/hal_graphics_allocator_default.te | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/vendor/device.te b/vendor/device.te index 50510d6..17a162c 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -12,7 +12,7 @@ type uci_device, dev_type; # Dmabuf heaps type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; type faceauth_heap_device, dmabuf_heap_device_type, dev_type; -type video_secure_heap_device, dmabuf_heap_device_type, dev_type; +type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index ae84231..5de8b1e 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -160,7 +160,7 @@ /dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:video_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:video_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 /dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/uci u:object_r:uci_device:s0 diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index e322c3a..f77d094 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -1,4 +1,4 @@ allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default video_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; From 30ab75917728763191a461247baaf9f7c2386e32 Mon Sep 17 00:00:00 2001 From: Robin Peng Date: Sun, 30 Apr 2023 00:59:33 +0000 Subject: [PATCH 006/321] Sync with device/google/zuma-sepolicy a89fbcc4aa1ae fix build breakage: device/google/zumapro-sepolicy/legacy/whitechapel_pro/file.te:4:ERROR 'Duplicate declaration of type' at token ';' on line 104436: type tcpdump_vendor_data_file, file_type, data_file_type; type updated_wifi_firmware_data_file, file_type, data_file_type; Bug: 272725898 Change-Id: Ic17d18409c28760d172a4ee7a5beb6c90016a381 --- legacy/whitechapel_pro/device.te | 2 -- legacy/whitechapel_pro/file.te | 4 --- legacy/whitechapel_pro/file_contexts | 3 -- .../hal_input_processor_default.te | 2 ++ legacy/whitechapel_pro/property.te | 3 -- legacy/whitechapel_pro/property_contexts | 3 -- private/odrefresh.te | 4 --- radio/file.te | 1 + radio/file_contexts | 1 + radio/grilservice_app.te | 2 ++ radio/modem_ml_svc_sit.te | 4 +++ radio/property.te | 2 +- radio/seapp_contexts | 4 +++ radio/vendor_ims_remote_app.te | 4 +++ radio/vendor_rcs_service_app.te | 5 +++ tracking_denials/bootanim.te | 2 -- tracking_denials/bug_map | 19 ++--------- tracking_denials/chre.te | 4 --- tracking_denials/google_camera_app.te | 7 ---- tracking_denials/hal_camera_default.te | 4 --- tracking_denials/hal_contexthub_default.te | 7 ---- tracking_denials/hal_neuralnetworks_armnn.te | 16 --------- tracking_denials/hal_power_default.te | 3 -- tracking_denials/hal_radioext_default.te | 2 -- tracking_denials/hwservicemanager.te | 4 --- tracking_denials/installd.te | 6 ---- tracking_denials/priv_app.te | 21 ------------ .../rebalance_interrupts_vendor.te | 4 --- tracking_denials/recovery.te | 4 --- tracking_denials/servicemanager.te | 6 ---- tracking_denials/system_suspend.te | 2 -- tracking_denials/tcpdump_logger.te | 4 --- vendor/bootanim.te | 1 + vendor/charger_vendor.te | 7 ++++ vendor/device.te | 4 +++ vendor/dump_cma.te | 0 vendor/dumpstate.te | 2 ++ vendor/file.te | 3 ++ vendor/file_contexts | 34 ++++++++++++++----- vendor/genfs_contexts | 6 ++++ vendor/google_camera_app.te | 21 ++++++++---- vendor/hal_bluetooth_btlinux.te | 3 ++ vendor/hal_camera_default.te | 5 +++ vendor/hal_contexthub_default.te | 2 ++ vendor/hal_graphics_allocator_default.te | 1 + vendor/hal_memtrack_default.te | 1 + vendor/hal_secure_element_st54spi.te | 7 ---- vendor/hal_secure_element_st54spi_aidl.te | 7 ++++ vendor/installd.te | 1 + vendor/ofl_app.te | 17 ---------- vendor/pixelstats_vendor.te | 4 +++ vendor/property.te | 5 +++ vendor/property_contexts | 5 +++ vendor/recovery.te | 8 +++++ vendor/seapp_contexts | 3 -- vendor/systemui_app.te | 4 +++ vendor/tcpdump_logger.te | 18 +++++++++- vendor/update_engine.te | 1 + vendor/vendor_init.te | 6 ++++ 59 files changed, 160 insertions(+), 175 deletions(-) create mode 100644 legacy/whitechapel_pro/hal_input_processor_default.te delete mode 100644 private/odrefresh.te create mode 100644 radio/vendor_ims_remote_app.te create mode 100644 radio/vendor_rcs_service_app.te delete mode 100644 tracking_denials/bootanim.te delete mode 100644 tracking_denials/chre.te delete mode 100644 tracking_denials/google_camera_app.te delete mode 100644 tracking_denials/hal_camera_default.te delete mode 100644 tracking_denials/hal_contexthub_default.te delete mode 100644 tracking_denials/hal_neuralnetworks_armnn.te delete mode 100644 tracking_denials/hal_power_default.te delete mode 100644 tracking_denials/hal_radioext_default.te delete mode 100644 tracking_denials/hwservicemanager.te delete mode 100644 tracking_denials/installd.te delete mode 100644 tracking_denials/priv_app.te delete mode 100644 tracking_denials/recovery.te delete mode 100644 tracking_denials/servicemanager.te delete mode 100644 tracking_denials/system_suspend.te delete mode 100644 tracking_denials/tcpdump_logger.te create mode 100644 vendor/charger_vendor.te delete mode 100644 vendor/dump_cma.te create mode 100644 vendor/hal_contexthub_default.te create mode 100644 vendor/hal_memtrack_default.te delete mode 100644 vendor/hal_secure_element_st54spi.te create mode 100644 vendor/hal_secure_element_st54spi_aidl.te create mode 100644 vendor/installd.te delete mode 100644 vendor/ofl_app.te create mode 100644 vendor/recovery.te diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index c45efc2..bf6f21c 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -1,4 +1,3 @@ -type sda_block_device, dev_type; type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; @@ -6,4 +5,3 @@ type rls_device, dev_type; # Raw HID device type hidraw_device, dev_type; - diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te index 38d3dc8..23d748b 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -1,15 +1,11 @@ # Data type updated_wifi_firmware_data_file, file_type, data_file_type; -type tcpdump_vendor_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; -userdebug_or_eng(` - typeattribute tcpdump_vendor_data_file mlstrustedobject; -') # sysfs type bootdevice_sysdev, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index ea564ed..a9901c0 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -2,7 +2,6 @@ /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 /vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 # Vendor libraries @@ -34,13 +33,11 @@ /dev/st21nfc u:object_r:nfc_device:s0 /dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 /dev/socket/chre u:object_r:chre_socket:s0 -/dev/block/sda u:object_r:sda_block_device:s0 # Data /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 -/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 diff --git a/legacy/whitechapel_pro/hal_input_processor_default.te b/legacy/whitechapel_pro/hal_input_processor_default.te new file mode 100644 index 0000000..00d4c69 --- /dev/null +++ b/legacy/whitechapel_pro/hal_input_processor_default.te @@ -0,0 +1,2 @@ +# allow InputProcessor HAL to read the display resolution system property +get_prop(hal_input_processor_default, vendor_display_prop) diff --git a/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te index e3a8d4b..a62eef6 100644 --- a/legacy/whitechapel_pro/property.te +++ b/legacy/whitechapel_pro/property.te @@ -12,6 +12,3 @@ system_vendor_config_prop(vendor_uwb_calibration_prop) # Trusty storage FS ready vendor_internal_prop(vendor_trusty_storage_prop) - -# Mali Integration -vendor_public_prop(vendor_arm_runtime_option_prop) diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts index 6faf239..fa5c917 100644 --- a/legacy/whitechapel_pro/property_contexts +++ b/legacy/whitechapel_pro/property_contexts @@ -20,6 +20,3 @@ ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_pro # Trusty ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 - -# Mali GPU driver configuration and debug options -vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix diff --git a/private/odrefresh.te b/private/odrefresh.te deleted file mode 100644 index 83b1e63..0000000 --- a/private/odrefresh.te +++ /dev/null @@ -1,4 +0,0 @@ -userdebug_or_eng(` - permissive odrefresh; - dontaudit odrefresh property_type:file *; -') diff --git a/radio/file.te b/radio/file.te index d8d253a..daceb56 100644 --- a/radio/file.te +++ b/radio/file.te @@ -1,6 +1,7 @@ # Data type rild_vendor_data_file, file_type, data_file_type; type vendor_gps_file, file_type, data_file_type; +type modem_ml_data_file, file_type, data_file_type; type modem_stat_data_file, file_type, data_file_type; type vendor_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; diff --git a/radio/file_contexts b/radio/file_contexts index 82a519b..8d74be8 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -19,6 +19,7 @@ /data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 /data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 /data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0 +/data/vendor/modem_ml(/.*)? u:object_r:modem_ml_data_file:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 /data/vendor/rild(/.*)? u:object_r:rild_vendor_data_file:s0 diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te index 7809537..2525bab 100644 --- a/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -8,6 +8,8 @@ allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find; allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find; +allow grilservice_app radio_vendor_data_file:dir create_dir_perms; +allow grilservice_app radio_vendor_data_file:file create_file_perms; binder_call(grilservice_app, hal_bluetooth_btlinux) binder_call(grilservice_app, hal_radioext_default) binder_call(grilservice_app, hal_wifi_ext) diff --git a/radio/modem_ml_svc_sit.te b/radio/modem_ml_svc_sit.te index e742dbf..d094fb6 100644 --- a/radio/modem_ml_svc_sit.te +++ b/radio/modem_ml_svc_sit.te @@ -11,6 +11,10 @@ allow modem_ml_svc_sit radio_device:chr_file rw_file_perms; allow modem_ml_svc_sit radio_vendor_data_file:dir create_dir_perms; allow modem_ml_svc_sit radio_vendor_data_file:file create_file_perms; +# Grant modem ml data file/dir creation permission +allow modem_ml_svc_sit modem_ml_data_file:dir create_dir_perms; +allow modem_ml_svc_sit modem_ml_data_file:file create_file_perms; + # Grant modem ml models config files access allow modem_ml_svc_sit modem_config_file:file r_file_perms; diff --git a/radio/property.te b/radio/property.te index 25d9454..16ccefc 100644 --- a/radio/property.te +++ b/radio/property.te @@ -1,4 +1,4 @@ -# P24 vendor properties +# P23 vendor properties vendor_internal_prop(vendor_carrier_prop) vendor_internal_prop(vendor_cbd_prop) vendor_internal_prop(vendor_slog_prop) diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 9e74853..6d0de36 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -14,7 +14,11 @@ user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_ user=_app isPrivApp=true name=com.samsung.slsi.telephony.oemril domain=oemrilservice_app levelFrom=all user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all user=_app isPrivApp=true name=com.shannon.rcsservice domain=vendor_rcs_app levelFrom=all +user=_app isPrivApp=true name=com.shannon.rcsservice:shannonrcsservice domain=vendor_rcs_service_app levelFrom=all user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all +user=_app isPrivApp=true name=.ShannonImsService domain=vendor_ims_app levelFrom=all +user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all + # slsi logging apps user=system seinfo=platform name=com.samsung.slsi.telephony.silentlogging domain=vendor_telephony_silentlogging_app levelFrom=all diff --git a/radio/vendor_ims_remote_app.te b/radio/vendor_ims_remote_app.te new file mode 100644 index 0000000..f5d3846 --- /dev/null +++ b/radio/vendor_ims_remote_app.te @@ -0,0 +1,4 @@ +type vendor_ims_remote_app, domain; +app_domain(vendor_ims_remote_app) + +allow vendor_ims_remote_app app_api_service:service_manager find; diff --git a/radio/vendor_rcs_service_app.te b/radio/vendor_rcs_service_app.te new file mode 100644 index 0000000..a7ae221 --- /dev/null +++ b/radio/vendor_rcs_service_app.te @@ -0,0 +1,5 @@ +type vendor_rcs_service_app, domain; +app_domain(vendor_rcs_service_app) + +allow vendor_rcs_service_app app_api_service:service_manager find; +allow vendor_rcs_service_app radio_service:service_manager find; diff --git a/tracking_denials/bootanim.te b/tracking_denials/bootanim.te deleted file mode 100644 index e15c110..0000000 --- a/tracking_denials/bootanim.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/260522279 -dontaudit bootanim system_data_file:dir { search }; diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 8af6ec0..821f41d 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -4,8 +4,7 @@ con_monitor_app dalvikcache_data_file dir b/264483670 con_monitor_app dalvikcache_data_file file b/264483670 con_monitor_app mnt_expand_file dir b/264483670 con_monitor_app system_data_file lnk_file b/264483670 -dumpstate app_zygote process b/264483390 -dumpstate sysfs_scsi_devices_0000 file b/272166771 +dumpstate app_zygote process b/279680264 google_camera_app audio_service service_manager b/264600171 google_camera_app backup_service service_manager b/264483456 google_camera_app legacy_permission_service service_manager b/264600171 @@ -14,14 +13,10 @@ hal_audio_default hal_audio_default binder b/274374769 hal_bootctl_default hal_bootctl_default capability b/274727372 hal_camera_default edgetpu_app_server binder b/275001641 hal_camera_default edgetpu_app_service service_manager b/275001641 -hal_dumpstate_default vendor_displaycolor_service service_manager b/264482983 -hal_dumpstate_default vendor_displaycolor_service service_manager b/264600086 -hal_dumpstate_default vendor_modem_prop property_service b/264482983 -hal_dumpstate_default vendor_tcpdump_log_prop file b/273638940 -hal_power_default sysfs file b/273638876 +hal_input_processor_default vendor_display_prop file b/279680070 hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151 hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151 -hal_uwb_default debugfs file b/273639365 +hal_uwb_default debugfs file b/279680213 incidentd apex_art_data_file file b/272628762 incidentd incidentd anon_inode b/274374992 insmod-sh insmod-sh key b/274374722 @@ -32,16 +27,8 @@ mtectrl unlabeled dir b/264483752 platform_app bootanim_system_prop property_service b/264483532 servicemanager hal_fingerprint_default binder b/264483753 system_server default_android_service service_manager b/264483754 -systemui_app bootanim_system_prop property_service b/269964574 -systemui_app hal_googlebattery binder b/269964574 systemui_app init unix_stream_socket b/269964574 -systemui_app mediaextractor_service service_manager b/272628174 -systemui_app mediametrics_service service_manager b/272628174 -systemui_app mediaserver_service service_manager b/272628174 systemui_app property_socket sock_file b/269964574 -systemui_app qemu_hw_prop file b/269964574 -systemui_app twoshay binder b/269964574 -systemui_app vr_manager_service service_manager b/272628174 twoshay systemui_app binder b/269964558 untrusted_app default_android_service service_manager b/264599934 vendor_init device_config_configuration_prop property_service b/267714573 diff --git a/tracking_denials/chre.te b/tracking_denials/chre.te deleted file mode 100644 index beee716..0000000 --- a/tracking_denials/chre.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/261105224 -dontaudit chre hal_system_suspend_service:service_manager { find }; -dontaudit chre servicemanager:binder { call }; -dontaudit chre system_suspend_server:binder { call }; diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te deleted file mode 100644 index b6994f9..0000000 --- a/tracking_denials/google_camera_app.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/264490031 -userdebug_or_eng(` - permissive google_camera_app; -') -# b/277300017 -dontaudit google_camera_app cameraserver_service:service_manager { find }; -dontaudit google_camera_app mediaserver_service:service_manager { find }; diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te deleted file mode 100644 index abc4811..0000000 --- a/tracking_denials/hal_camera_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489778 -userdebug_or_eng(` - permissive hal_camera_default; -') diff --git a/tracking_denials/hal_contexthub_default.te b/tracking_denials/hal_contexthub_default.te deleted file mode 100644 index 3c9a51f..0000000 --- a/tracking_denials/hal_contexthub_default.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/261105182 -dontaudit hal_contexthub_default chre:unix_stream_socket { connectto }; -dontaudit hal_contexthub_default chre_socket:sock_file { write }; -# b/264489794 -userdebug_or_eng(` - permissive hal_contexthub_default; -') \ No newline at end of file diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te deleted file mode 100644 index 8f3138c..0000000 --- a/tracking_denials/hal_neuralnetworks_armnn.te +++ /dev/null @@ -1,16 +0,0 @@ -# b/260366177 -dontaudit hal_neuralnetworks_armnn system_data_file:dir { search }; -# b/260768359 -dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; -dontaudit hal_neuralnetworks_armnn default_prop:file { map }; -dontaudit hal_neuralnetworks_armnn default_prop:file { open }; -dontaudit hal_neuralnetworks_armnn default_prop:file { read }; -# b/260921579 -dontaudit hal_neuralnetworks_armnn default_prop:file { getattr }; -dontaudit hal_neuralnetworks_armnn default_prop:file { map }; -dontaudit hal_neuralnetworks_armnn default_prop:file { open }; -dontaudit hal_neuralnetworks_armnn default_prop:file { read }; -# b/264489188 -userdebug_or_eng(` - permissive hal_neuralnetworks_armnn; -') \ No newline at end of file diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te deleted file mode 100644 index 5925425..0000000 --- a/tracking_denials/hal_power_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/267261305 -dontaudit hal_power_default hal_power_default:capability { dac_override }; -dontaudit hal_power_default hal_power_default:capability { dac_read_search }; diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te deleted file mode 100644 index d37fc60..0000000 --- a/tracking_denials/hal_radioext_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/275646098 -dontaudit hal_radioext_default service_manager_type:service_manager find; diff --git a/tracking_denials/hwservicemanager.te b/tracking_denials/hwservicemanager.te deleted file mode 100644 index 53222bd..0000000 --- a/tracking_denials/hwservicemanager.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489781 -userdebug_or_eng(` - permissive hwservicemanager; -') diff --git a/tracking_denials/installd.te b/tracking_denials/installd.te deleted file mode 100644 index 95b0a2f..0000000 --- a/tracking_denials/installd.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/260522202 -dontaudit installd modem_img_file:filesystem { quotaget }; -# b/264490035 -userdebug_or_eng(` - permissive installd; -') \ No newline at end of file diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te deleted file mode 100644 index 604cf7d..0000000 --- a/tracking_denials/priv_app.te +++ /dev/null @@ -1,21 +0,0 @@ -# b/260366281 -dontaudit priv_app privapp_data_file:dir { getattr }; -dontaudit priv_app privapp_data_file:dir { search }; -dontaudit priv_app vendor_default_prop:file { getattr }; -dontaudit priv_app vendor_default_prop:file { map }; -dontaudit priv_app vendor_default_prop:file { open }; -# b/260522282 -dontaudit priv_app privapp_data_file:file { open }; -dontaudit priv_app privapp_data_file:file { setattr }; -# b/260768358 -dontaudit priv_app default_android_service:service_manager { find }; -# b/260922442 -dontaudit priv_app default_android_service:service_manager { find }; -# b/263185432 -dontaudit priv_app privapp_data_file:file { unlink }; -# b/264490074 -userdebug_or_eng(` - permissive priv_app; -')# b/268572216 -dontaudit priv_app privapp_data_file:dir { add_name }; -dontaudit priv_app privapp_data_file:dir { remove_name }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te index 26657eb..f38b36f 100644 --- a/tracking_denials/rebalance_interrupts_vendor.te +++ b/tracking_denials/rebalance_interrupts_vendor.te @@ -1,6 +1,2 @@ # b/260366278 dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override }; -# b/264489565 -userdebug_or_eng(` - permissive rebalance_interrupts_vendor; -') \ No newline at end of file diff --git a/tracking_denials/recovery.te b/tracking_denials/recovery.te deleted file mode 100644 index bd39922..0000000 --- a/tracking_denials/recovery.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264490092 -userdebug_or_eng(` - permissive recovery; -') \ No newline at end of file diff --git a/tracking_denials/servicemanager.te b/tracking_denials/servicemanager.te deleted file mode 100644 index 142b95b..0000000 --- a/tracking_denials/servicemanager.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/263429985 -dontaudit servicemanager tee:binder { call }; -# b/264489962 -userdebug_or_eng(` - permissive servicemanager; -') \ No newline at end of file diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te deleted file mode 100644 index b834b57..0000000 --- a/tracking_denials/system_suspend.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/261105356 -dontaudit system_suspend_server chre:binder { transfer }; diff --git a/tracking_denials/tcpdump_logger.te b/tracking_denials/tcpdump_logger.te deleted file mode 100644 index b0a7046..0000000 --- a/tracking_denials/tcpdump_logger.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264490014 -userdebug_or_eng(` - permissive tcpdump_logger; -') \ No newline at end of file diff --git a/vendor/bootanim.te b/vendor/bootanim.te index cc36346..0289a4d 100644 --- a/vendor/bootanim.te +++ b/vendor/bootanim.te @@ -1 +1,2 @@ allow bootanim arm_mali_platform_service:service_manager find; +dontaudit bootanim system_data_file:dir { search }; diff --git a/vendor/charger_vendor.te b/vendor/charger_vendor.te new file mode 100644 index 0000000..d992247 --- /dev/null +++ b/vendor/charger_vendor.te @@ -0,0 +1,7 @@ +# charger_vendor for battery in off-mode charging +allow charger_vendor mnt_vendor_file:dir search; +allow charger_vendor persist_file:dir search; +allow charger_vendor sysfs_batteryinfo:file w_file_perms; +allow charger_vendor sysfs_scsi_devices_0000:file r_file_perms; +dontaudit charger_vendor default_prop:file r_file_perms; +set_prop(charger_vendor, vendor_battery_defender_prop) diff --git a/vendor/device.te b/vendor/device.te index 17a162c..695c54f 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -13,6 +13,10 @@ type uci_device, dev_type; type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; type faceauth_heap_device, dmabuf_heap_device_type, dev_type; type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; +type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; diff --git a/vendor/dump_cma.te b/vendor/dump_cma.te deleted file mode 100644 index e69de29..0000000 diff --git a/vendor/dumpstate.te b/vendor/dumpstate.te index 03d0b40..dc0f6c9 100644 --- a/vendor/dumpstate.te +++ b/vendor/dumpstate.te @@ -3,6 +3,8 @@ dump_hal(hal_graphics_composer) dump_hal(hal_health) +dump_hal(hal_telephony) + dump_hal(hal_confirmationui) binder_call(dumpstate, hal_wireless_charger) diff --git a/vendor/file.te b/vendor/file.te index 6560298..cc0f2b9 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -30,6 +30,9 @@ type sysfs_wlc, sysfs_type, fs_type; # CHRE type chre_socket, file_type; +# BT +type vendor_bt_data_file, file_type, data_file_type; + # Data type sensor_reg_data_file, file_type, data_file_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 5de8b1e..547067b 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -3,7 +3,7 @@ /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 @@ -12,6 +12,7 @@ /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 @@ -26,6 +27,7 @@ /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -34,6 +36,8 @@ # Vendor libraries /vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 # persist /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 @@ -44,6 +48,7 @@ # Devices /dev/bbd_pwrstat u:object_r:power_stats_device:s0 /dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 @@ -99,23 +104,29 @@ /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 /dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 /dev/lwis-be-core u:object_r:lwis_device:s0 /dev/lwis-csi u:object_r:lwis_device:s0 /dev/lwis-dpm u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 /dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 /dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 /dev/lwis-g3aa u:object_r:lwis_device:s0 @@ -129,27 +140,31 @@ /dev/lwis-isp-fe u:object_r:lwis_device:s0 /dev/lwis-lme u:object_r:lwis_device:s0 /dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 /dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba u:object_r:lwis_device:s0 /dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 /dev/lwis-pdp u:object_r:lwis_device:s0 /dev/lwis-scsc u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-buraq u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 /dev/lwis-sensor-kraken u:object_r:lwis_device:s0 /dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-sensor-nagual u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 /dev/lwis-slc u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-vl53l8 u:object_r:lwis_device:s0 -# Although stmvl53l1_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-vl53l8 for a better maintenance instead of creating another device type. -/dev/stmvl53l1_ranging u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 /dev/lwis-votf u:object_r:lwis_device:s0 /dev/st54spi u:object_r:st54spi_device:s0 /dev/trusty-ipc-dev0 u:object_r:tee_device:s0 @@ -160,6 +175,7 @@ /dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 /dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 /dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 6c42219..28ac6d2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -11,6 +11,8 @@ genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo # Fabric genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 # EdgeTPU genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 @@ -446,6 +448,7 @@ genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 # Trusty genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 @@ -456,6 +459,9 @@ genfscon sysfs /kernel/pixel_em/active_profile u:obje # GPU genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 # GSA logs genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index 9c233fe..8c030f4 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,15 +1,24 @@ type google_camera_app, domain, coredomain; app_domain(google_camera_app) +net_domain(google_camera_app) -# Allows camera app to access the GXP device. +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; + +# Allows GCA to acccess the GXP device and search for the firmware file. allow google_camera_app gxp_device:chr_file rw_file_perms; +allow google_camera_app vendor_fw_file:dir search; -# Allows camera app to access the PowerHAL. +# Allows GCA to access the PowerHAL. hal_client_domain(google_camera_app, hal_power) -# Allow camera app to access the a subset of app services. -allow google_camera_app app_api_service:service_manager find; - -# Allows GCA to access the EdgeTPU device. +# Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te index 2167b3c..c496ea0 100644 --- a/vendor/hal_bluetooth_btlinux.te +++ b/vendor/hal_bluetooth_btlinux.te @@ -2,5 +2,8 @@ allow hal_bluetooth_btlinux aoc_device:chr_file rw_file_perms; allow hal_bluetooth_btlinux device:dir r_dir_perms; +allow hal_bluetooth_btlinux vendor_bt_data_file:dir rw_dir_perms; +allow hal_bluetooth_btlinux vendor_bt_data_file:file create_file_perms; + # allow the HAL to call cccdktimesync registered callbacks binder_call(hal_bluetooth_btlinux, vendor_cccdktimesync_app) diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 666ad73..a7d9db9 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -7,6 +7,8 @@ allow hal_camera_default lwis_device:chr_file rw_file_perms; # Face authentication code that is part of the camera HAL needs to allocate # dma_bufs and access the Trusted Execution Environment device node +allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms; +allow hal_camera_default tee_device:chr_file rw_file_perms; # Allow the camera hal to access the EdgeTPU service and the # Android shared memory allocated by the EdgeTPU service for @@ -82,6 +84,9 @@ binder_call(hal_camera_default, hal_radioext_default); allow hal_camera_default rls_service:service_manager find; binder_call(hal_camera_default, rlsservice) +# Allow access to always-on compute device node +allow hal_camera_default aoc_device:chr_file rw_file_perms; + # Allow camera HAL to send trace packets to Perfetto userdebug_or_eng(`perfetto_producer(hal_camera_default)') diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te new file mode 100644 index 0000000..7e0eef2 --- /dev/null +++ b/vendor/hal_contexthub_default.te @@ -0,0 +1,2 @@ +# Allow context hub HAL to communicate with daemon via socket +unix_socket_connect(hal_contexthub_default, chre, chre) diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index f77d094..628329b 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -2,3 +2,4 @@ allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_p allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; diff --git a/vendor/hal_memtrack_default.te b/vendor/hal_memtrack_default.te new file mode 100644 index 0000000..7554c6f --- /dev/null +++ b/vendor/hal_memtrack_default.te @@ -0,0 +1 @@ +r_dir_file(hal_memtrack_default, sysfs_gpu) diff --git a/vendor/hal_secure_element_st54spi.te b/vendor/hal_secure_element_st54spi.te deleted file mode 100644 index 3cc726d..0000000 --- a/vendor/hal_secure_element_st54spi.te +++ /dev/null @@ -1,7 +0,0 @@ -type hal_secure_element_st54spi, domain; -type hal_secure_element_st54spi_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(hal_secure_element_st54spi) -hal_server_domain(hal_secure_element_st54spi, hal_secure_element) -allow hal_secure_element_st54spi st54spi_device:chr_file rw_file_perms; -allow hal_secure_element_st54spi nfc_device:chr_file rw_file_perms; -set_prop(hal_secure_element_st54spi, vendor_secure_element_prop) diff --git a/vendor/hal_secure_element_st54spi_aidl.te b/vendor/hal_secure_element_st54spi_aidl.te new file mode 100644 index 0000000..5110b96 --- /dev/null +++ b/vendor/hal_secure_element_st54spi_aidl.te @@ -0,0 +1,7 @@ +type hal_secure_element_st54spi_aidl, domain; +type hal_secure_element_st54spi_aidl_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(hal_secure_element_st54spi_aidl) +hal_server_domain(hal_secure_element_st54spi_aidl, hal_secure_element) +allow hal_secure_element_st54spi_aidl st54spi_device:chr_file rw_file_perms; +allow hal_secure_element_st54spi_aidl nfc_device:chr_file rw_file_perms; +set_prop(hal_secure_element_st54spi_aidl, vendor_secure_element_prop) diff --git a/vendor/installd.te b/vendor/installd.te new file mode 100644 index 0000000..44e74c6 --- /dev/null +++ b/vendor/installd.te @@ -0,0 +1 @@ +dontaudit installd modem_img_file:filesystem quotaget; diff --git a/vendor/ofl_app.te b/vendor/ofl_app.te deleted file mode 100644 index 69e166a..0000000 --- a/vendor/ofl_app.te +++ /dev/null @@ -1,17 +0,0 @@ -# OFLBasicAgent app - -type ofl_app, domain; - -userdebug_or_eng(` - app_domain(ofl_app) - net_domain(ofl_app) - - allow ofl_app app_api_service:service_manager find; - allow ofl_app nfc_service:service_manager find; - allow ofl_app radio_service:service_manager find; - allow ofl_app surfaceflinger_service:service_manager find; - - # Access to directly update firmware on st54spi_device - typeattribute st54spi_device mlstrustedobject; - allow ofl_app st54spi_device:chr_file rw_file_perms; -') \ No newline at end of file diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 18a1472..2d0fb38 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -21,3 +21,7 @@ allow pixelstats_vendor sysfs_pcie:dir search; allow pixelstats_vendor sysfs_pcie:file rw_file_perms; allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; diff --git a/vendor/property.te b/vendor/property.te index a7450c3..105574b 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -11,3 +11,8 @@ vendor_internal_prop(vendor_usb_config_prop) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) +# Mali Integration +vendor_restricted_prop(vendor_arm_runtime_option_prop) + +# ArmNN +vendor_internal_prop(vendor_armnn_config_prop) diff --git a/vendor/property_contexts b/vendor/property_contexts index b020540..e837a5c 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -18,3 +18,8 @@ vendor.usb. u:object_r:vendor_usb_config_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 +# Mali GPU driver configuration and debug options +vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# ArmNN configuration +ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix diff --git a/vendor/recovery.te b/vendor/recovery.te new file mode 100644 index 0000000..efbea53 --- /dev/null +++ b/vendor/recovery.te @@ -0,0 +1,8 @@ +recovery_only(` + allow recovery sysfs_ota:file rw_file_perms; + allow recovery st54spi_device:chr_file rw_file_perms; + allow recovery tee_device:chr_file rw_file_perms; + allow recovery sysfs_scsi_devices_0000:file r_file_perms; + allow recovery sysfs_scsi_devices_0000:dir r_dir_perms; + set_prop(recovery, boottime_prop) +') diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts index 8f5eea1..9c10fdd 100644 --- a/vendor/seapp_contexts +++ b/vendor/seapp_contexts @@ -4,9 +4,6 @@ user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel dom # coredump/ramdump user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all -# Domain for OFLBasicAgentApp to support NFC/eSIM fw upgrade -user=_app isPrivApp=true seinfo=platform name=com.thales.device.ofl.app.omapi_agent domain=ofl_app type=app_data_file levelFrom=user - # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te index 312d8c8..b462eb3 100644 --- a/vendor/systemui_app.te +++ b/vendor/systemui_app.te @@ -7,10 +7,14 @@ allow systemui_app color_display_service:service_manager find; allow systemui_app audioserver_service:service_manager find; allow systemui_app cameraserver_service:service_manager find; allow systemui_app mediaserver_service:service_manager find; +allow systemui_app mediaextractor_service:service_manager find; +allow systemui_app mediametrics_service:service_manager find; allow systemui_app radio_service:service_manager find; +allow systemui_app vr_manager_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) set_prop(systemui_app, bootanim_system_prop) +get_prop(systemui_app, qemu_hw_prop) allow systemui_app pixel_battery_service_type:service_manager find; binder_call(systemui_app, pixel_battery_domain) diff --git a/vendor/tcpdump_logger.te b/vendor/tcpdump_logger.te index 1018104..7cf0245 100644 --- a/vendor/tcpdump_logger.te +++ b/vendor/tcpdump_logger.te @@ -1,5 +1,21 @@ type tcpdump_logger, domain; type tcpdump_logger_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(tcpdump_logger) +userdebug_or_eng(` + # make transition from init to its domain + init_daemon_domain(tcpdump_logger) + allow tcpdump_logger self:capability net_raw; + allow tcpdump_logger self:packet_socket create_socket_perms; + allowxperm tcpdump_logger self:packet_socket ioctl 0x8933; + allow tcpdump_logger tcpdump_exec:file rx_file_perms; + allow tcpdump_logger tcpdump_vendor_data_file:dir create_dir_perms; + allow tcpdump_logger tcpdump_vendor_data_file:file create_file_perms; + allow tcpdump_logger tcpdump_vendor_data_file:dir search; + allow tcpdump_logger radio_vendor_data_file:file create_file_perms; + allow tcpdump_logger radio_vendor_data_file:dir create_dir_perms; + allow tcpdump_logger wifi_logging_data_file:file create_file_perms; + allow tcpdump_logger wifi_logging_data_file:dir create_dir_perms; + + set_prop(tcpdump_logger, vendor_tcpdump_log_prop) +') \ No newline at end of file diff --git a/vendor/update_engine.te b/vendor/update_engine.te index b4f3cf8..a403d9e 100644 --- a/vendor/update_engine.te +++ b/vendor/update_engine.te @@ -1,2 +1,3 @@ allow update_engine custom_ab_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms; +allow update_engine proc_bootconfig:file r_file_perms; diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 646aa0f..373eeaf 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -29,3 +29,9 @@ set_prop(vendor_init, vendor_usb_config_prop) # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) set_prop(vendor_init, vendor_ssrdump_prop) + +# ArmNN +set_prop(vendor_init, vendor_armnn_config_prop) + +# MM +allow vendor_init proc_watermark_scale_factor:file w_file_perms; From 7bf1eb8960a7b31c79283440f15bf9673a926742 Mon Sep 17 00:00:00 2001 From: sashwinbalaji Date: Mon, 8 May 2023 12:51:03 +0800 Subject: [PATCH 007/321] thermal: thermal_metrics: Update selinux to reset stats Bug: 193833982 Test: Local build and verify statsD logs adb shell cmd stats print-logs && adb logcat -b all | grep -i 105045 Change-Id: I09afbea9386724f0abf6b9cab5838e89a060a5fd --- vendor/pixelstats_vendor.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 2d0fb38..192616b 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -11,6 +11,7 @@ get_prop(pixelstats_vendor, vendor_brownout_reason_prop); #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; +allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; # Wireless charge allow pixelstats_vendor sysfs_wlc:dir search; From 7d7f055d462933d5913818620f1e97d809d736c4 Mon Sep 17 00:00:00 2001 From: Samuel Huang Date: Tue, 20 Jun 2023 07:25:30 +0000 Subject: [PATCH 008/321] Create telephony.ril.silent_reset system_ext property for RILD restart RILD listens for changes to this property. If the value changes to 1, RILD will restart itself and set this property back to 0. The TelephonyGoogle app will set this property to 1 when it receives a request from the SCONE app. Since TelephonyGoogle runs in the com.android.phone process, we also need to give the radio domain permission to set the telephony.ril.silent_reset property. Bug: 286476107 Test: manual Change-Id: I363b44a1a44184df05449ceb97089bb9e0211550 --- radio/radio.te | 2 ++ radio/rild.te | 2 ++ system_ext/private/property_contexts | 2 ++ system_ext/public/property.te | 6 ++++++ 4 files changed, 12 insertions(+) create mode 100644 system_ext/private/property_contexts create mode 100644 system_ext/public/property.te diff --git a/radio/radio.te b/radio/radio.te index 5d13273..221c812 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,3 +1,5 @@ +set_prop(radio, telephony_ril_prop) + allow radio radio_vendor_data_file:dir rw_dir_perms; allow radio radio_vendor_data_file:file create_file_perms; allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; diff --git a/radio/rild.te b/radio/rild.te index a82e135..3a2bac7 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -6,6 +6,8 @@ get_prop(rild, vendor_carrier_prop) get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) +set_prop(rild, telephony_ril_prop) + allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; allow rild radio_vendor_data_file:file create_file_perms; diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts new file mode 100644 index 0000000..2f40ca4 --- /dev/null +++ b/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Telephony +telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool diff --git a/system_ext/public/property.te b/system_ext/public/property.te new file mode 100644 index 0000000..8ad51ac --- /dev/null +++ b/system_ext/public/property.te @@ -0,0 +1,6 @@ +# Telephony +system_public_prop(telephony_ril_prop) + +userdebug_or_eng(` + set_prop(shell, telephony_ril_prop) +') \ No newline at end of file From 0e6e83982346b88722e7843dc5524ffb0be4e406 Mon Sep 17 00:00:00 2001 From: Firman Prayoga Date: Wed, 21 Jun 2023 10:46:36 +0000 Subject: [PATCH 009/321] zumapro-sepolicy: Update camera device nodes Bug: 288215624 Test: Boot, set camera mode, no selinux error Change-Id: I9a636d60a5352d991cd199f7c9bb227554311ef7 --- vendor/file_contexts | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 547067b..0fa4c99 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -110,6 +110,10 @@ /dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-act-jotnar u:object_r:lwis_device:s0 /dev/lwis-act-nessie u:object_r:lwis_device:s0 /dev/lwis-act-slenderman u:object_r:lwis_device:s0 @@ -118,9 +122,11 @@ /dev/lwis-csi u:object_r:lwis_device:s0 /dev/lwis-dpm u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 /dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 /dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 /dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 /dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 @@ -128,6 +134,9 @@ /dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 /dev/lwis-g3aa u:object_r:lwis_device:s0 /dev/lwis-gdc0 u:object_r:lwis_device:s0 @@ -141,15 +150,19 @@ /dev/lwis-lme u:object_r:lwis_device:s0 /dev/lwis-mcsc u:object_r:lwis_device:s0 /dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 /dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 /dev/lwis-ois-jotnar u:object_r:lwis_device:s0 /dev/lwis-ois-nessie u:object_r:lwis_device:s0 /dev/lwis-pdp u:object_r:lwis_device:s0 /dev/lwis-scsc u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-buraq u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-imentet u:object_r:lwis_device:s0 /dev/lwis-sensor-kraken u:object_r:lwis_device:s0 /dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 @@ -157,7 +170,11 @@ /dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-sensor-nagual u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-slc u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-top u:object_r:lwis_device:s0 From ea65f1e6bd08fee54eb3c7cc6773dedea02ad789 Mon Sep 17 00:00:00 2001 From: Yixuan Wang Date: Wed, 21 Jun 2023 22:13:45 +0000 Subject: [PATCH 010/321] Add selinux policy for chre vendor data directory Bug: 278114604 Test: on device test Change-Id: Ic8f0256c43ab3bc7c7bd30484f47e77bb970ce56 --- vendor/chre.te | 4 ++++ vendor/file.te | 1 + vendor/file_contexts | 1 + 3 files changed, 6 insertions(+) diff --git a/vendor/chre.te b/vendor/chre.te index a1d1ca5..7c0ad8f 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -12,5 +12,9 @@ allow chre sysfs_aoc_boottime:file r_file_perms; # Allow CHRE to create thread to watch AOC's device allow chre device:dir r_dir_perms; +# Allow CHRE to write to data to chre data directory +allow chre chre_data_file:dir create_dir_perms; +allow chre chre_data_file:file create_file_perms; + # Allow CHRE to use WakeLock wakelock_use(chre) diff --git a/vendor/file.te b/vendor/file.te index cc0f2b9..3ef4000 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -35,6 +35,7 @@ type vendor_bt_data_file, file_type, data_file_type; # Data type sensor_reg_data_file, file_type, data_file_type; +type chre_data_file, file_type, data_file_type; # Vendor sched files userdebug_or_eng(` diff --git a/vendor/file_contexts b/vendor/file_contexts index 547067b..d401cd1 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -38,6 +38,7 @@ # Vendor /data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 # persist /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 From 0c5d6dd88841a44da49925d799bd59dbd84f9117 Mon Sep 17 00:00:00 2001 From: Sebastian Pickl Date: Tue, 27 Jun 2023 08:46:41 +0000 Subject: [PATCH 011/321] Revert "Create telephony.ril.silent_reset system_ext property fo..." Revert submission 23736941-tpsr-ril-property Reason for revert: culprit for b/289014054 verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L54800000961620143 Bug: 289014054 Reverted changes: /q/submissionid:23736941-tpsr-ril-property Change-Id: I2b845e6600e613eaa10788274cb028903d5df82e --- radio/radio.te | 2 -- radio/rild.te | 2 -- system_ext/private/property_contexts | 2 -- system_ext/public/property.te | 6 ------ 4 files changed, 12 deletions(-) delete mode 100644 system_ext/private/property_contexts delete mode 100644 system_ext/public/property.te diff --git a/radio/radio.te b/radio/radio.te index 221c812..5d13273 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,5 +1,3 @@ -set_prop(radio, telephony_ril_prop) - allow radio radio_vendor_data_file:dir rw_dir_perms; allow radio radio_vendor_data_file:file create_file_perms; allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; diff --git a/radio/rild.te b/radio/rild.te index 3a2bac7..a82e135 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -6,8 +6,6 @@ get_prop(rild, vendor_carrier_prop) get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) -set_prop(rild, telephony_ril_prop) - allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; allow rild radio_vendor_data_file:file create_file_perms; diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts deleted file mode 100644 index 2f40ca4..0000000 --- a/system_ext/private/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Telephony -telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool diff --git a/system_ext/public/property.te b/system_ext/public/property.te deleted file mode 100644 index 8ad51ac..0000000 --- a/system_ext/public/property.te +++ /dev/null @@ -1,6 +0,0 @@ -# Telephony -system_public_prop(telephony_ril_prop) - -userdebug_or_eng(` - set_prop(shell, telephony_ril_prop) -') \ No newline at end of file From d460f878feb73365fe87730751082c54755c0fba Mon Sep 17 00:00:00 2001 From: Samuel Huang Date: Wed, 28 Jun 2023 06:16:30 +0000 Subject: [PATCH 012/321] Revert "Revert "Create telephony.ril.silent_reset system_ext pro..." Revert submission 23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX Reason for revert: The root cause is missing property definition in gs101-sepolicy. This CL can be merged safely. Verified by abtd run: https://android-build.googleplex.com/builds/abtd/run/L48900000961646046 Reverted changes: /q/submissionid:23817868-revert-23736941-tpsr-ril-property-WQVGKEVBKX Bug: 286476107 Change-Id: I81a350f1df3c9071945e484277ed7fab5ae4c60e --- radio/radio.te | 2 ++ radio/rild.te | 2 ++ system_ext/private/property_contexts | 2 ++ system_ext/public/property.te | 6 ++++++ 4 files changed, 12 insertions(+) create mode 100644 system_ext/private/property_contexts create mode 100644 system_ext/public/property.te diff --git a/radio/radio.te b/radio/radio.te index 5d13273..221c812 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,3 +1,5 @@ +set_prop(radio, telephony_ril_prop) + allow radio radio_vendor_data_file:dir rw_dir_perms; allow radio radio_vendor_data_file:file create_file_perms; allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; diff --git a/radio/rild.te b/radio/rild.te index a82e135..3a2bac7 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -6,6 +6,8 @@ get_prop(rild, vendor_carrier_prop) get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) +set_prop(rild, telephony_ril_prop) + allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; allow rild radio_vendor_data_file:file create_file_perms; diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts new file mode 100644 index 0000000..2f40ca4 --- /dev/null +++ b/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Telephony +telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool diff --git a/system_ext/public/property.te b/system_ext/public/property.te new file mode 100644 index 0000000..8ad51ac --- /dev/null +++ b/system_ext/public/property.te @@ -0,0 +1,6 @@ +# Telephony +system_public_prop(telephony_ril_prop) + +userdebug_or_eng(` + set_prop(shell, telephony_ril_prop) +') \ No newline at end of file From eb242f21f6ba011f7a46d40985902134611519b6 Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Fri, 7 Jul 2023 15:45:17 +0800 Subject: [PATCH 013/321] Add sepolicy for max77779fg Bug: 290315763 Change-Id: I71249d99b972f7966f8b1b3a4978d62985f27d49 Signed-off-by: Jenny Ho --- vendor/file_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 68aeae4..2181dbd 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -96,6 +96,7 @@ /dev/logbuffer_maxq u:object_r:logbuffer_device:s0 /dev/logbuffer_rtx u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 /dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 @@ -104,6 +105,7 @@ /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 /dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 /dev/logbuffer_bd u:object_r:logbuffer_device:s0 From ca2f1c7d86ffea8a03ade445bd50e58362ab5cd8 Mon Sep 17 00:00:00 2001 From: Joerg Wagner Date: Tue, 18 Jul 2023 10:09:22 +0200 Subject: [PATCH 014/321] Prepare for Mali r44p0 UMD update Add selinux rule to allow new V2 interface file alongside of V1 used up to r43p0. The V1 entry will be removed once the r44p0 UMD update completes. This decouples small changes from large, potentially intrusive ones in other repositories. Bug: 284254900 Change-Id: Ia928f871d8ea1fdbfb963cecb8fc4a99947e443e --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 2181dbd..11631f5 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -32,6 +32,7 @@ # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 /vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 # Vendor libraries /vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 From 5b6bd7a49657e3f67c46eb2a184f9a189daa8405 Mon Sep 17 00:00:00 2001 From: Utku Utkan Date: Thu, 13 Jul 2023 09:08:07 -0700 Subject: [PATCH 015/321] Introduce CameraServices seinfo tag for PixelCameraServices Bug: 287069860 Test: m && flashall && check against 'avc: denied' errors Change-Id: I190f58ce9bcdc5c121e9329eb34030eeaf4d8709 --- vendor/keys.conf | 3 +++ vendor/mac_permissions.xml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/vendor/keys.conf b/vendor/keys.conf index 503d1f0..767ee8c 100644 --- a/vendor/keys.conf +++ b/vendor/keys.conf @@ -6,3 +6,6 @@ ALL : device/google/zumapro-sepolicy/vendor/certs/camera_eng.x509.pem [@CAMERAFISHFOOD] ALL : device/google/zumapro-sepolicy/vendor/certs/camera_fishfood.x509.pem + +[@CAMERASERVICES] +ALL : vendor/google/dev-keystore/certs/com_google_android_apps_camera_services/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml index 8e8c3c2..48536b9 100644 --- a/vendor/mac_permissions.xml +++ b/vendor/mac_permissions.xml @@ -30,4 +30,7 @@ + + + From faf722a9cdad01272c9bc20c0d40187ab1934df2 Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Wed, 19 Jul 2023 01:15:07 +0000 Subject: [PATCH 016/321] Revert "Introduce CameraServices seinfo tag for PixelCameraServices" Revert submission 24056607-pixel-camera-services-extensions-sepolicy Reason for revert: build breakage on git_main-without-vendor Reverted changes: /q/submissionid:24056607-pixel-camera-services-extensions-sepolicy Change-Id: I61599734edc5d80ca25beb4707549502318accaa --- vendor/keys.conf | 3 --- vendor/mac_permissions.xml | 3 --- 2 files changed, 6 deletions(-) diff --git a/vendor/keys.conf b/vendor/keys.conf index 767ee8c..503d1f0 100644 --- a/vendor/keys.conf +++ b/vendor/keys.conf @@ -6,6 +6,3 @@ ALL : device/google/zumapro-sepolicy/vendor/certs/camera_eng.x509.pem [@CAMERAFISHFOOD] ALL : device/google/zumapro-sepolicy/vendor/certs/camera_fishfood.x509.pem - -[@CAMERASERVICES] -ALL : vendor/google/dev-keystore/certs/com_google_android_apps_camera_services/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml index 48536b9..8e8c3c2 100644 --- a/vendor/mac_permissions.xml +++ b/vendor/mac_permissions.xml @@ -30,7 +30,4 @@ - - - From c0ed974888e1e25e29b48e54146eba4802ea52c6 Mon Sep 17 00:00:00 2001 From: Utku Utkan Date: Wed, 19 Jul 2023 02:47:43 +0000 Subject: [PATCH 017/321] Revert^2 "Introduce CameraServices seinfo tag for PixelCameraServices" Revert submission 24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL Reason for revert: Relanding the original topic after copying the certificates under `device/google` for `without-vendor` branches Reverted changes: /q/submissionid:24122569-revert-24056607-pixel-camera-services-extensions-sepolicy-OFSULTXSBL Bug: 287069860 Test: m && flashall Change-Id: I01fc4a31db761cb3dbb5dc93eb9e0b4d569b82f7 --- ...ogle_android_apps_camera_services.x509.pem | 30 +++++++++++++++++++ vendor/keys.conf | 3 ++ vendor/mac_permissions.xml | 3 ++ 3 files changed, 36 insertions(+) create mode 100644 vendor/certs/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/certs/com_google_android_apps_camera_services.x509.pem b/vendor/certs/com_google_android_apps_camera_services.x509.pem new file mode 100644 index 0000000..7b8c5b2 --- /dev/null +++ b/vendor/certs/com_google_android_apps_camera_services.x509.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU +MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n +bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz +MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N +b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G +A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP +1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR +UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5 +4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL +jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8 +pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0 +VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3 +A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO +sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV +eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO +nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI +hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5 +YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm +FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr +njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI +hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e +JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3 +IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA +V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H +r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F +DB17LhMLl0GxX9j1 +-----END CERTIFICATE----- diff --git a/vendor/keys.conf b/vendor/keys.conf index 503d1f0..9911d1f 100644 --- a/vendor/keys.conf +++ b/vendor/keys.conf @@ -6,3 +6,6 @@ ALL : device/google/zumapro-sepolicy/vendor/certs/camera_eng.x509.pem [@CAMERAFISHFOOD] ALL : device/google/zumapro-sepolicy/vendor/certs/camera_fishfood.x509.pem + +[@CAMERASERVICES] +ALL : device/google/zumapro-sepolicy/vendor/certs/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/mac_permissions.xml b/vendor/mac_permissions.xml index 8e8c3c2..48536b9 100644 --- a/vendor/mac_permissions.xml +++ b/vendor/mac_permissions.xml @@ -30,4 +30,7 @@ + + + From 207d448245502c0c720a5066152f975a72236990 Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Wed, 19 Jul 2023 17:54:18 +0800 Subject: [PATCH 018/321] Add sepolicy to allow dump battery charger and FG data W cat : type=1400 audit(0.0:308): avc: denied { read } for name="registers_dump" dev="sysfs" ino=78205 scontext=u:r:dump_power:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 W cat : type=1400 audit(0.0:309): avc: denied { read } for name="registers" dev="debugfs" ino=33 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W cat : type=1400 audit(0.0:311): avc: denied { read } for name="model_ok" dev="debugfs" ino=26186 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W cat : type=1400 audit(0.0:312): avc: denied { read } for name="registers" dev="debugfs" ino=26192 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 W cat : type=1400 audit(0.0:313): avc: denied { read } for name="debug_registers" dev="debugfs" ino=26193 scontext=u:r:dump_power:s0 tcontext=u:object_r:debugfs:s0 tclass=file permissive=0 Bug: 290542674 Change-Id: I7d8fa1efdf9c1c233643089273ddfd786b44ce15 Signed-off-by: Jenny Ho --- vendor/genfs_contexts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 28ac6d2..8344007 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -21,11 +21,14 @@ genfscon sysfs /devices/platform/1a000000.rio u:object genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 # Extcon genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 @@ -214,6 +217,7 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 From ad310207153527776f358d651beb1127b0574273 Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Mon, 31 Jul 2023 16:11:10 +0800 Subject: [PATCH 019/321] add permission for dc-mains Bug: 290542674 Change-Id: I30bb1e796b1863c035b2c4b4baa7695a80a31d60 Signed-off-by: Jenny Ho --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8344007..6b2a824 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -218,6 +218,7 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 From 42c99d739eaef4d8290b1609e6500935e9ecf6ba Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Mon, 31 Jul 2023 10:43:39 +0000 Subject: [PATCH 020/321] [Cleanup]: Move gxp sepolicies to gs-common These policies are moved to gs-common as part of ag/24002524 Bug: 288368306 Change-Id: I38f6e695e6f896c094275455cf3c0d79d0b1820f Signed-off-by: Dinesh Yadav --- vendor/debug_camera_app.te | 3 ++- vendor/device.te | 1 - vendor/file_contexts | 2 -- vendor/genfs_contexts | 3 +++ vendor/google_camera_app.te | 4 ++-- vendor/gxp_logging.te | 10 ---------- vendor/hal_camera_default.te | 3 --- 7 files changed, 7 insertions(+), 19 deletions(-) delete mode 100644 vendor/gxp_logging.te diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te index 4199b07..18adba7 100644 --- a/vendor/debug_camera_app.te +++ b/vendor/debug_camera_app.te @@ -11,8 +11,9 @@ userdebug_or_eng(` allow debug_camera_app mediametrics_service:service_manager find; allow debug_camera_app mediaserver_service:service_manager find; - # Allows GCA-Eng & GCA-Next access the GXP device. + # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; + get_prop(debug_camera_app, vendor_gxp_prop) # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. allow debug_camera_app edgetpu_app_service:service_manager find; diff --git a/vendor/device.te b/vendor/device.te index 695c54f..a626a34 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -5,7 +5,6 @@ type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; type fingerprint_device, dev_type; type uci_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 11631f5..b3a8ff6 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,7 +1,6 @@ # Binaries /vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 @@ -35,7 +34,6 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 # Vendor libraries -/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 # Vendor /data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8344007..d7e7078 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -17,6 +17,9 @@ genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_b # EdgeTPU genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + # debugfs genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index 8c030f4..f368d39 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -9,9 +9,9 @@ allow google_camera_app mediaextractor_service:service_manager find; allow google_camera_app mediametrics_service:service_manager find; allow google_camera_app mediaserver_service:service_manager find; -# Allows GCA to acccess the GXP device and search for the firmware file. +# Allows GCA to acccess the GXP device & properties. allow google_camera_app gxp_device:chr_file rw_file_perms; -allow google_camera_app vendor_fw_file:dir search; +get_prop(google_camera_app, vendor_gxp_prop) # Allows GCA to access the PowerHAL. hal_client_domain(google_camera_app, hal_power) diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te deleted file mode 100644 index 000138a..0000000 --- a/vendor/gxp_logging.te +++ /dev/null @@ -1,10 +0,0 @@ -type gxp_logging, domain; -type gxp_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gxp_logging) - -# The logging service accesses /dev/gxp -allow gxp_logging gxp_device:chr_file rw_file_perms; - -# Allow gxp tracing service to send packets to Perfetto -userdebug_or_eng(`perfetto_producer(gxp_logging)') - diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index a7d9db9..35cd7cf 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -29,9 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms; allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; allow hal_camera_default vendor_camera_data_file:file create_file_perms; -# Allow the camera hal to access the GXP device. -allow hal_camera_default gxp_device:chr_file rw_file_perms; - # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; From 08dbe5a438705728cd30697fc89e19fc22b96280 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 8 Aug 2023 17:51:31 +0800 Subject: [PATCH 021/321] Permissive systemui during bringup stage Bug: 294300348 Change-Id: I83fcda2cfd3d683cd6c36132e497e9d17a44efe5 --- tracking_denials/systemui_app.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index 35142bb..1510f90 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,2 +1,6 @@ # b/272628396 dontaudit systemui_app service_manager_type:service_manager find; +# b/294300348 +userdebug_or_eng(` + permissive systemui_app; +') From 63200470b86cf00168cf717f49693fdee907104b Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Thu, 10 Aug 2023 17:00:56 +0900 Subject: [PATCH 022/321] Move coredomain seapp contexts to system_ext Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: TH Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50 --- private/debug_camera_app.te | 16 +++++++++++++++ private/google_camera_app.te | 16 +++++++++++++++ private/seapp_contexts | 11 ++++++++++ public/debug_camera_app.te | 1 + public/google_camera_app.te | 1 + system_ext/private/pixeldisplayservice_app.te | 11 ++++++++++ system_ext/private/seapp_contexts | 6 ++++++ system_ext/private/systemui_app.te | 17 ++++++++++++++++ system_ext/public/pixeldisplayservice_app.te | 1 + system_ext/public/systemui_app.te | 1 + vendor/debug_camera_app.te | 15 -------------- vendor/google_camera_app.te | 17 ---------------- vendor/pixeldisplayservice_app.te | 12 ----------- vendor/seapp_contexts | 20 ------------------- vendor/systemui_app.te | 18 ----------------- zumapro-sepolicy.mk | 1 + 16 files changed, 82 insertions(+), 82 deletions(-) create mode 100644 private/debug_camera_app.te create mode 100644 private/google_camera_app.te create mode 100644 private/seapp_contexts create mode 100644 public/debug_camera_app.te create mode 100644 public/google_camera_app.te create mode 100644 system_ext/private/pixeldisplayservice_app.te create mode 100644 system_ext/private/seapp_contexts create mode 100644 system_ext/private/systemui_app.te create mode 100644 system_ext/public/pixeldisplayservice_app.te create mode 100644 system_ext/public/systemui_app.te diff --git a/private/debug_camera_app.te b/private/debug_camera_app.te new file mode 100644 index 0000000..8250e42 --- /dev/null +++ b/private/debug_camera_app.te @@ -0,0 +1,16 @@ +typeattribute debug_camera_app coredomain; + +userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; + + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) +') diff --git a/private/google_camera_app.te b/private/google_camera_app.te new file mode 100644 index 0000000..4ce84af --- /dev/null +++ b/private/google_camera_app.te @@ -0,0 +1,16 @@ +typeattribute google_camera_app coredomain; +app_domain(google_camera_app) +net_domain(google_camera_app) + +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; + +# Allows GCA to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/private/seapp_contexts b/private/seapp_contexts new file mode 100644 index 0000000..38c4e6e --- /dev/null +++ b/private/seapp_contexts @@ -0,0 +1,11 @@ +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all diff --git a/public/debug_camera_app.te b/public/debug_camera_app.te new file mode 100644 index 0000000..6f49768 --- /dev/null +++ b/public/debug_camera_app.te @@ -0,0 +1 @@ +type debug_camera_app, domain; diff --git a/public/google_camera_app.te b/public/google_camera_app.te new file mode 100644 index 0000000..c93038c --- /dev/null +++ b/public/google_camera_app.te @@ -0,0 +1 @@ +type google_camera_app, domain; diff --git a/system_ext/private/pixeldisplayservice_app.te b/system_ext/private/pixeldisplayservice_app.te new file mode 100644 index 0000000..9d603b7 --- /dev/null +++ b/system_ext/private/pixeldisplayservice_app.te @@ -0,0 +1,11 @@ +typeattribute pixeldisplayservice_app coredomain; + +app_domain(pixeldisplayservice_app); + +allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; +allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; + +# Standard system services +allow pixeldisplayservice_app app_api_service:service_manager find; + +allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts new file mode 100644 index 0000000..1e85b73 --- /dev/null +++ b/system_ext/private/seapp_contexts @@ -0,0 +1,6 @@ +# PixelDisplayService +user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all + +# SystemUI +user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all +user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te new file mode 100644 index 0000000..c34c911 --- /dev/null +++ b/system_ext/private/systemui_app.te @@ -0,0 +1,17 @@ +typeattribute systemui_app coredomain; +app_domain(systemui_app) +allow systemui_app app_api_service:service_manager find; +allow systemui_app network_score_service:service_manager find; +allow systemui_app overlay_service:service_manager find; +allow systemui_app color_display_service:service_manager find; +allow systemui_app audioserver_service:service_manager find; +allow systemui_app cameraserver_service:service_manager find; +allow systemui_app mediaserver_service:service_manager find; +allow systemui_app mediaextractor_service:service_manager find; +allow systemui_app mediametrics_service:service_manager find; +allow systemui_app radio_service:service_manager find; +allow systemui_app vr_manager_service:service_manager find; + +get_prop(systemui_app, keyguard_config_prop) +set_prop(systemui_app, bootanim_system_prop) +get_prop(systemui_app, qemu_hw_prop) diff --git a/system_ext/public/pixeldisplayservice_app.te b/system_ext/public/pixeldisplayservice_app.te new file mode 100644 index 0000000..2c608b4 --- /dev/null +++ b/system_ext/public/pixeldisplayservice_app.te @@ -0,0 +1 @@ +type pixeldisplayservice_app, domain; diff --git a/system_ext/public/systemui_app.te b/system_ext/public/systemui_app.te new file mode 100644 index 0000000..cb101a6 --- /dev/null +++ b/system_ext/public/systemui_app.te @@ -0,0 +1 @@ +type systemui_app, domain; diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te index 18adba7..44859fe 100644 --- a/vendor/debug_camera_app.te +++ b/vendor/debug_camera_app.te @@ -1,16 +1,4 @@ -type debug_camera_app, domain, coredomain; - userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; - # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; get_prop(debug_camera_app, vendor_gxp_prop) @@ -18,7 +6,4 @@ userdebug_or_eng(` # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) ') diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index f368d39..fd19c05 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,24 +1,7 @@ -type google_camera_app, domain, coredomain; -app_domain(google_camera_app) -net_domain(google_camera_app) - -allow google_camera_app app_api_service:service_manager find; -allow google_camera_app audioserver_service:service_manager find; -allow google_camera_app cameraserver_service:service_manager find; -allow google_camera_app mediaextractor_service:service_manager find; -allow google_camera_app mediametrics_service:service_manager find; -allow google_camera_app mediaserver_service:service_manager find; - # Allows GCA to acccess the GXP device & properties. allow google_camera_app gxp_device:chr_file rw_file_perms; get_prop(google_camera_app, vendor_gxp_prop) -# Allows GCA to access the PowerHAL. -hal_client_domain(google_camera_app, hal_power) - # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Library code may try to access vendor properties, but should be denied -dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te index 7320d00..e9c8d78 100644 --- a/vendor/pixeldisplayservice_app.te +++ b/vendor/pixeldisplayservice_app.te @@ -1,14 +1,2 @@ -type pixeldisplayservice_app, domain, coredomain; - -app_domain(pixeldisplayservice_app); - -allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; -allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; - allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; binder_call(pixeldisplayservice_app, hal_graphics_composer_default) - -# Standard system services -allow pixeldisplayservice_app app_api_service:service_manager find; - -allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts index 9c10fdd..ed23ae5 100644 --- a/vendor/seapp_contexts +++ b/vendor/seapp_contexts @@ -7,29 +7,9 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all -# PixelDisplayService -user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all - -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Google Camera Eng -user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera -user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Also label GoogleCameraNext, built with debug keys as debug_camera_app. -user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all - # Qorvo UWB system app # TODO(b/222204912): Should this run under uwb user? user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - -# SystemUI -user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all -user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all - diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te index b462eb3..034dd0a 100644 --- a/vendor/systemui_app.te +++ b/vendor/systemui_app.te @@ -1,21 +1,3 @@ -type systemui_app, domain, coredomain; -app_domain(systemui_app) -allow systemui_app app_api_service:service_manager find; -allow systemui_app network_score_service:service_manager find; -allow systemui_app overlay_service:service_manager find; -allow systemui_app color_display_service:service_manager find; -allow systemui_app audioserver_service:service_manager find; -allow systemui_app cameraserver_service:service_manager find; -allow systemui_app mediaserver_service:service_manager find; -allow systemui_app mediaextractor_service:service_manager find; -allow systemui_app mediametrics_service:service_manager find; -allow systemui_app radio_service:service_manager find; -allow systemui_app vr_manager_service:service_manager find; - -get_prop(systemui_app, keyguard_config_prop) -set_prop(systemui_app, bootanim_system_prop) -get_prop(systemui_app, qemu_hw_prop) - allow systemui_app pixel_battery_service_type:service_manager find; binder_call(systemui_app, pixel_battery_domain) diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index a5757bf..f202935 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -6,6 +6,7 @@ PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/radio/private # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/tracking_denials +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/public PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/private # system_ext From d9a89215f4e09a077ab26fc7580423a34b71d21a Mon Sep 17 00:00:00 2001 From: Inseob Kim Date: Thu, 10 Aug 2023 17:00:56 +0900 Subject: [PATCH 023/321] Move coredomain seapp contexts to system_ext Coredomain apps shouldn't be labeled with vendor sepolicy, due to Treble violation. Bug: 280547417 Test: TH Change-Id: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50 Merged-In: Ifcaa41df790cb2b720775563cc4cd5cdf10e5c50 (cherry picked from commit 63200470b86cf00168cf717f49693fdee907104b) --- private/debug_camera_app.te | 16 +++++++++++++++ private/google_camera_app.te | 16 +++++++++++++++ private/seapp_contexts | 11 ++++++++++ public/debug_camera_app.te | 1 + public/google_camera_app.te | 1 + system_ext/private/pixeldisplayservice_app.te | 11 ++++++++++ system_ext/private/seapp_contexts | 6 ++++++ system_ext/private/systemui_app.te | 17 ++++++++++++++++ system_ext/public/pixeldisplayservice_app.te | 1 + system_ext/public/systemui_app.te | 1 + vendor/debug_camera_app.te | 15 -------------- vendor/google_camera_app.te | 17 ---------------- vendor/pixeldisplayservice_app.te | 12 ----------- vendor/seapp_contexts | 20 ------------------- vendor/systemui_app.te | 18 ----------------- zumapro-sepolicy.mk | 1 + 16 files changed, 82 insertions(+), 82 deletions(-) create mode 100644 private/debug_camera_app.te create mode 100644 private/google_camera_app.te create mode 100644 private/seapp_contexts create mode 100644 public/debug_camera_app.te create mode 100644 public/google_camera_app.te create mode 100644 system_ext/private/pixeldisplayservice_app.te create mode 100644 system_ext/private/seapp_contexts create mode 100644 system_ext/private/systemui_app.te create mode 100644 system_ext/public/pixeldisplayservice_app.te create mode 100644 system_ext/public/systemui_app.te diff --git a/private/debug_camera_app.te b/private/debug_camera_app.te new file mode 100644 index 0000000..8250e42 --- /dev/null +++ b/private/debug_camera_app.te @@ -0,0 +1,16 @@ +typeattribute debug_camera_app coredomain; + +userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; + + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) +') diff --git a/private/google_camera_app.te b/private/google_camera_app.te new file mode 100644 index 0000000..4ce84af --- /dev/null +++ b/private/google_camera_app.te @@ -0,0 +1,16 @@ +typeattribute google_camera_app coredomain; +app_domain(google_camera_app) +net_domain(google_camera_app) + +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; + +# Allows GCA to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/private/seapp_contexts b/private/seapp_contexts new file mode 100644 index 0000000..38c4e6e --- /dev/null +++ b/private/seapp_contexts @@ -0,0 +1,11 @@ +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all diff --git a/public/debug_camera_app.te b/public/debug_camera_app.te new file mode 100644 index 0000000..6f49768 --- /dev/null +++ b/public/debug_camera_app.te @@ -0,0 +1 @@ +type debug_camera_app, domain; diff --git a/public/google_camera_app.te b/public/google_camera_app.te new file mode 100644 index 0000000..c93038c --- /dev/null +++ b/public/google_camera_app.te @@ -0,0 +1 @@ +type google_camera_app, domain; diff --git a/system_ext/private/pixeldisplayservice_app.te b/system_ext/private/pixeldisplayservice_app.te new file mode 100644 index 0000000..9d603b7 --- /dev/null +++ b/system_ext/private/pixeldisplayservice_app.te @@ -0,0 +1,11 @@ +typeattribute pixeldisplayservice_app coredomain; + +app_domain(pixeldisplayservice_app); + +allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; +allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; + +# Standard system services +allow pixeldisplayservice_app app_api_service:service_manager find; + +allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts new file mode 100644 index 0000000..1e85b73 --- /dev/null +++ b/system_ext/private/seapp_contexts @@ -0,0 +1,6 @@ +# PixelDisplayService +user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all + +# SystemUI +user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all +user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te new file mode 100644 index 0000000..c34c911 --- /dev/null +++ b/system_ext/private/systemui_app.te @@ -0,0 +1,17 @@ +typeattribute systemui_app coredomain; +app_domain(systemui_app) +allow systemui_app app_api_service:service_manager find; +allow systemui_app network_score_service:service_manager find; +allow systemui_app overlay_service:service_manager find; +allow systemui_app color_display_service:service_manager find; +allow systemui_app audioserver_service:service_manager find; +allow systemui_app cameraserver_service:service_manager find; +allow systemui_app mediaserver_service:service_manager find; +allow systemui_app mediaextractor_service:service_manager find; +allow systemui_app mediametrics_service:service_manager find; +allow systemui_app radio_service:service_manager find; +allow systemui_app vr_manager_service:service_manager find; + +get_prop(systemui_app, keyguard_config_prop) +set_prop(systemui_app, bootanim_system_prop) +get_prop(systemui_app, qemu_hw_prop) diff --git a/system_ext/public/pixeldisplayservice_app.te b/system_ext/public/pixeldisplayservice_app.te new file mode 100644 index 0000000..2c608b4 --- /dev/null +++ b/system_ext/public/pixeldisplayservice_app.te @@ -0,0 +1 @@ +type pixeldisplayservice_app, domain; diff --git a/system_ext/public/systemui_app.te b/system_ext/public/systemui_app.te new file mode 100644 index 0000000..cb101a6 --- /dev/null +++ b/system_ext/public/systemui_app.te @@ -0,0 +1 @@ +type systemui_app, domain; diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te index 4199b07..08bf626 100644 --- a/vendor/debug_camera_app.te +++ b/vendor/debug_camera_app.te @@ -1,23 +1,8 @@ -type debug_camera_app, domain, coredomain; - userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; - # Allows GCA-Eng & GCA-Next access the GXP device. allow debug_camera_app gxp_device:chr_file rw_file_perms; # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) ') diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index 8c030f4..35cd86e 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,24 +1,7 @@ -type google_camera_app, domain, coredomain; -app_domain(google_camera_app) -net_domain(google_camera_app) - -allow google_camera_app app_api_service:service_manager find; -allow google_camera_app audioserver_service:service_manager find; -allow google_camera_app cameraserver_service:service_manager find; -allow google_camera_app mediaextractor_service:service_manager find; -allow google_camera_app mediametrics_service:service_manager find; -allow google_camera_app mediaserver_service:service_manager find; - # Allows GCA to acccess the GXP device and search for the firmware file. allow google_camera_app gxp_device:chr_file rw_file_perms; allow google_camera_app vendor_fw_file:dir search; -# Allows GCA to access the PowerHAL. -hal_client_domain(google_camera_app, hal_power) - # Allows GCA to find and access the EdgeTPU. allow google_camera_app edgetpu_app_service:service_manager find; allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Library code may try to access vendor properties, but should be denied -dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te index 7320d00..e9c8d78 100644 --- a/vendor/pixeldisplayservice_app.te +++ b/vendor/pixeldisplayservice_app.te @@ -1,14 +1,2 @@ -type pixeldisplayservice_app, domain, coredomain; - -app_domain(pixeldisplayservice_app); - -allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; -allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; - allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; binder_call(pixeldisplayservice_app, hal_graphics_composer_default) - -# Standard system services -allow pixeldisplayservice_app app_api_service:service_manager find; - -allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts index 9c10fdd..ed23ae5 100644 --- a/vendor/seapp_contexts +++ b/vendor/seapp_contexts @@ -7,29 +7,9 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all -# PixelDisplayService -user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all - -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Google Camera Eng -user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera -user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Also label GoogleCameraNext, built with debug keys as debug_camera_app. -user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all - # Qorvo UWB system app # TODO(b/222204912): Should this run under uwb user? user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - -# SystemUI -user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all -user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all - diff --git a/vendor/systemui_app.te b/vendor/systemui_app.te index b462eb3..034dd0a 100644 --- a/vendor/systemui_app.te +++ b/vendor/systemui_app.te @@ -1,21 +1,3 @@ -type systemui_app, domain, coredomain; -app_domain(systemui_app) -allow systemui_app app_api_service:service_manager find; -allow systemui_app network_score_service:service_manager find; -allow systemui_app overlay_service:service_manager find; -allow systemui_app color_display_service:service_manager find; -allow systemui_app audioserver_service:service_manager find; -allow systemui_app cameraserver_service:service_manager find; -allow systemui_app mediaserver_service:service_manager find; -allow systemui_app mediaextractor_service:service_manager find; -allow systemui_app mediametrics_service:service_manager find; -allow systemui_app radio_service:service_manager find; -allow systemui_app vr_manager_service:service_manager find; - -get_prop(systemui_app, keyguard_config_prop) -set_prop(systemui_app, bootanim_system_prop) -get_prop(systemui_app, qemu_hw_prop) - allow systemui_app pixel_battery_service_type:service_manager find; binder_call(systemui_app, pixel_battery_domain) diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index a5757bf..f202935 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -6,6 +6,7 @@ PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/radio/private # unresolved SELinux error log with bug tracking BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/tracking_denials +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/public PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/private # system_ext From dc29ce77536cbd9969285138df8e6ced5ac5deab Mon Sep 17 00:00:00 2001 From: Ilya Matyukhin Date: Sat, 5 Aug 2023 00:55:25 +0000 Subject: [PATCH 024/321] zumapro: Add sysfs_faceauth_gcma_heap type Bug: 288156745 Test: build Change-Id: I009e0721c09886d96a8d071afaf9244305e1a257 --- vendor/file.te | 3 +++ vendor/genfs_contexts | 3 +++ 2 files changed, 6 insertions(+) diff --git a/vendor/file.te b/vendor/file.te index 3ef4000..b97b93d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -49,3 +49,6 @@ type sysfs_ota, sysfs_type, fs_type; # GSA type sysfs_gsa_log, sysfs_type, fs_type; + +# Faceauth +type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 6b2a824..e47b6c8 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -492,3 +492,6 @@ genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:ob # OTA genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 + +# Faceauth +genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 From e1542f9b766769a587420f7b67b152fd9d7aed56 Mon Sep 17 00:00:00 2001 From: Hyunki Koo Date: Wed, 9 Aug 2023 16:17:28 +0900 Subject: [PATCH 025/321] Add sepolicy for swiftshader Bug: 295365113 Change-Id: Ib122cb4015bb66bdcdd00adffee36b65a46bc322 Signed-off-by: Hyunki Koo --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 11631f5..42f22bf 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -33,6 +33,7 @@ /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 /vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 # Vendor libraries /vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 From 1fcea237100829aded8c1546bb5349dea26babba Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Wed, 16 Aug 2023 13:43:56 +0800 Subject: [PATCH 026/321] Add permission to read charger online Bug: 296141243 Change-Id: Ie477983e4647ad24f04dc819e2d89de38d78775c Signed-off-by: Jenny Ho --- vendor/genfs_contexts | 5 +++++ vendor/hal_health_default.te | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 6b2a824..079365f 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -177,6 +177,7 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 @@ -197,6 +198,7 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -219,6 +221,7 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -239,6 +242,7 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 @@ -259,6 +263,7 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 # wake up nodes genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te index 36e6cb1..c57ef34 100644 --- a/vendor/hal_health_default.te +++ b/vendor/hal_health_default.te @@ -13,4 +13,4 @@ allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; allow hal_health_default sysfs_wlc:dir search; -allow hal_health_default sysfs_batteryinfo:file w_file_perms; +allow hal_health_default sysfs_batteryinfo:file rw_file_perms; From da3b0fc74b064b553868238553e683e7cde3abd9 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 16 Aug 2023 18:17:06 +0800 Subject: [PATCH 027/321] Permissive boot related domains during bringup stage Bug: 296187211 Change-Id: I58a3e61d3a9a3e1c997595af5b74d77a3c0d848c --- private/system_suspend.te | 3 +++ tracking_denials/permissive.te | 19 +++++++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 private/system_suspend.te create mode 100644 tracking_denials/permissive.te diff --git a/private/system_suspend.te b/private/system_suspend.te new file mode 100644 index 0000000..f126523 --- /dev/null +++ b/private/system_suspend.te @@ -0,0 +1,3 @@ +userdebug_or_eng(` + permissive system_suspend; +') diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te new file mode 100644 index 0000000..03bf18a --- /dev/null +++ b/tracking_denials/permissive.te @@ -0,0 +1,19 @@ +userdebug_or_eng(` + permissive gxp_logging; + permissive hal_health_default; + permissive hal_power_stats_default; + permissive hal_uwb_default; + permissive hal_vibrator_default; + permissive hal_wireless_charger; + permissive init-qfp-sh; + permissive insmod-sh; + permissive network_stack; + permissive pixelstats_vendor; + permissive system_server; + permissive vendor_init; + permissive thermal_link_device; + permissive kernel; + permissive qfp-daemon; + permissive hal_power_default; + permissive servicemanager; +') From b1ded0f4433200e258e2084c4152f1f60c0602a9 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 16 Aug 2023 18:49:31 +0800 Subject: [PATCH 028/321] Remove systemui_app dontaudit Bug: 296187211 Change-Id: I56c23c1a3190e294391331c5f83d05e4a3eb9d81 --- tracking_denials/systemui_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index 1510f90..e4416d8 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,5 +1,5 @@ # b/272628396 -dontaudit systemui_app service_manager_type:service_manager find; +#dontaudit systemui_app service_manager_type:service_manager find; # b/294300348 userdebug_or_eng(` permissive systemui_app; From e95e864a207bd3e32cf7aafd448ff8b6188c7dd7 Mon Sep 17 00:00:00 2001 From: Renato Grottesi Date: Thu, 17 Aug 2023 09:04:12 +0000 Subject: [PATCH 029/321] Cleanup unused ArmNN settings. Test: pre-submit Bug: 294463729 Change-Id: Iaadd1ed478b87dbb3fa18187d45ffbe264f72ca1 --- vendor/property.te | 3 --- vendor/property_contexts | 3 --- vendor/vendor_init.te | 3 --- 3 files changed, 9 deletions(-) diff --git a/vendor/property.te b/vendor/property.te index 105574b..8ef51a8 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -13,6 +13,3 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) - -# ArmNN -vendor_internal_prop(vendor_armnn_config_prop) diff --git a/vendor/property_contexts b/vendor/property_contexts index e837a5c..8e43946 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -20,6 +20,3 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix - -# ArmNN configuration -ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 373eeaf..2071850 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -30,8 +30,5 @@ set_prop(vendor_init, vendor_usb_config_prop) set_prop(vendor_init, vendor_arm_runtime_option_prop) set_prop(vendor_init, vendor_ssrdump_prop) -# ArmNN -set_prop(vendor_init, vendor_armnn_config_prop) - # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; From c2c1b09ea9f7c0dc45b49478ac6f5aa6bc4f0a89 Mon Sep 17 00:00:00 2001 From: Bart Sears Date: Sat, 19 Aug 2023 20:48:05 +0000 Subject: [PATCH 030/321] Revert "Remove systemui_app dontaudit" Revert submission 24444207 Reason for revert: b/296705471 | Broken builds on udc-qpr1-release Reverted changes: /q/submissionid:24444207 ag/24441134 and ag/24444207 Change-Id: If3b89543d7ca871ac27a881ab608a9e1c244dbbc --- tracking_denials/systemui_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index e4416d8..1510f90 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,5 +1,5 @@ # b/272628396 -#dontaudit systemui_app service_manager_type:service_manager find; +dontaudit systemui_app service_manager_type:service_manager find; # b/294300348 userdebug_or_eng(` permissive systemui_app; From b1bacadf00a6c7b61cd4a8ccae95a7f728c9b0d7 Mon Sep 17 00:00:00 2001 From: Bart Sears Date: Sat, 19 Aug 2023 20:48:05 +0000 Subject: [PATCH 031/321] Revert "Permissive boot related domains during bringup stage" Revert submission 24444207 Reason for revert: b/296705471 | Broken builds on udc-qpr1-release Reverted changes: /q/submissionid:24444207 ag/24441134 and ag/24444207 Change-Id: Ic3bc342c693f7ec87b12594f3466d84689b68237 --- private/system_suspend.te | 3 --- tracking_denials/permissive.te | 19 ------------------- 2 files changed, 22 deletions(-) delete mode 100644 private/system_suspend.te delete mode 100644 tracking_denials/permissive.te diff --git a/private/system_suspend.te b/private/system_suspend.te deleted file mode 100644 index f126523..0000000 --- a/private/system_suspend.te +++ /dev/null @@ -1,3 +0,0 @@ -userdebug_or_eng(` - permissive system_suspend; -') diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te deleted file mode 100644 index 03bf18a..0000000 --- a/tracking_denials/permissive.te +++ /dev/null @@ -1,19 +0,0 @@ -userdebug_or_eng(` - permissive gxp_logging; - permissive hal_health_default; - permissive hal_power_stats_default; - permissive hal_uwb_default; - permissive hal_vibrator_default; - permissive hal_wireless_charger; - permissive init-qfp-sh; - permissive insmod-sh; - permissive network_stack; - permissive pixelstats_vendor; - permissive system_server; - permissive vendor_init; - permissive thermal_link_device; - permissive kernel; - permissive qfp-daemon; - permissive hal_power_default; - permissive servicemanager; -') From 2cce7696a26a5a54da1112d8f0f27aebed5fffd9 Mon Sep 17 00:00:00 2001 From: Seungjae Yoo Date: Mon, 21 Aug 2023 10:48:44 +0900 Subject: [PATCH 032/321] Label dtbo partition as dtbo_block_device Bug: 291191362 Test: presubmit tests Change-Id: Idd8cf894fe2b67df010e79497a06cb78a9ab433c --- vendor/file_contexts | 2 +- vendor/update_engine.te | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index 42f22bf..01aa59c 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -66,7 +66,7 @@ /dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 diff --git a/vendor/update_engine.te b/vendor/update_engine.te index a403d9e..fb59e4b 100644 --- a/vendor/update_engine.te +++ b/vendor/update_engine.te @@ -1,3 +1,4 @@ allow update_engine custom_ab_block_device:blk_file rw_file_perms; +allow update_engine dtbo_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms; allow update_engine proc_bootconfig:file r_file_perms; From ede6811c3220ebce1f3a63a5454a4d48283b7c0d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 16 Aug 2023 18:49:31 +0800 Subject: [PATCH 033/321] Remove systemui_app dontaudit Bug: 296187211 Test: make selinux_policy Change-Id: Id6e2c110af6cc19c276106ff67f234919fb32837 --- tracking_denials/systemui_app.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index 1510f90..e4416d8 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,5 +1,5 @@ # b/272628396 -dontaudit systemui_app service_manager_type:service_manager find; +#dontaudit systemui_app service_manager_type:service_manager find; # b/294300348 userdebug_or_eng(` permissive systemui_app; From 4dd327ff4c987f230e732ef23ee746c09889017d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 16 Aug 2023 18:17:06 +0800 Subject: [PATCH 034/321] Permissive boot related domains during bringup stage Bug: 296187211 Test: make selinux_policy Change-Id: I09a16f867a22cf4613a58f419e2ecccf1d07d9ac --- private/system_suspend.te | 3 +++ tracking_denials/permissive.te | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 private/system_suspend.te create mode 100644 tracking_denials/permissive.te diff --git a/private/system_suspend.te b/private/system_suspend.te new file mode 100644 index 0000000..f126523 --- /dev/null +++ b/private/system_suspend.te @@ -0,0 +1,3 @@ +userdebug_or_eng(` + permissive system_suspend; +') diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te new file mode 100644 index 0000000..34a6823 --- /dev/null +++ b/tracking_denials/permissive.te @@ -0,0 +1,17 @@ +userdebug_or_eng(` + permissive gxp_logging; + permissive hal_health_default; + permissive hal_power_stats_default; + permissive hal_uwb_default; + permissive hal_vibrator_default; + permissive hal_wireless_charger; + permissive insmod-sh; + permissive network_stack; + permissive pixelstats_vendor; + permissive system_server; + permissive vendor_init; + permissive thermal_link_device; + permissive kernel; + permissive hal_power_default; + permissive servicemanager; +') From c52abed728aed81df1d1167a273ed1bf2838430f Mon Sep 17 00:00:00 2001 From: horngchuang Date: Mon, 21 Aug 2023 13:04:09 +0800 Subject: [PATCH 035/321] Add sepolicy permission of new camera components Bug: 296775053 Test: Build and test for sensor denials Change-Id: I53dfbcf47b1750402af7c85f9ff67cb4c25afbd3 --- vendor/file_contexts | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index 42f22bf..4bc7b45 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -136,10 +136,14 @@ /dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-svarog u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 @@ -168,6 +172,7 @@ /dev/lwis-sensor-buraq u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-imentet u:object_r:lwis_device:s0 /dev/lwis-sensor-kraken u:object_r:lwis_device:s0 /dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 @@ -177,11 +182,12 @@ /dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-sensor-svarog u:object_r:lwis_device:s0 +/dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-top u:object_r:lwis_device:s0 /dev/lwis-tof-tarasque u:object_r:lwis_device:s0 # Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. From f8d4e87b03b8a9648caa413b4b01dfc2ba5d4277 Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Wed, 29 Mar 2023 17:17:11 +0800 Subject: [PATCH 036/321] Add sepolicies for gcma_camera heaps Bug: 275481134 Test: launch camera Change-Id: I2efe897826d3c32bb85c815207865c0db557ea9f Signed-off-by: Martin Liu --- vendor/device.te | 1 + vendor/file_contexts | 2 ++ vendor/hal_graphics_allocator_default.te | 1 + 3 files changed, 4 insertions(+) diff --git a/vendor/device.te b/vendor/device.te index 695c54f..226a697 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -14,6 +14,7 @@ type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; type faceauth_heap_device, dmabuf_heap_device_type, dev_type; type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; +type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 4bc7b45..1b60fe3 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -207,4 +207,6 @@ /dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 /dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/uci u:object_r:uci_device:s0 diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index 628329b..b624db1 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -3,3 +3,4 @@ allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; From 31eae0600cb46c3b53f749010bce9720314b750b Mon Sep 17 00:00:00 2001 From: Spade Lee Date: Mon, 21 Aug 2023 09:10:52 +0000 Subject: [PATCH 037/321] Add missing paths for permission Bug: 296141243 Change-Id: I0905fbcad90a8d4f6cfbc881e73e6912461cf985 Signed-off-by: Spade Lee --- vendor/genfs_contexts | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index ab6062c..e5e1b33 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -177,7 +177,16 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 @@ -198,7 +207,26 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -242,7 +270,16 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 From 355f0df8fd219b03636b40859fc0f6b08358eb94 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 21 Aug 2023 16:25:59 +0800 Subject: [PATCH 038/321] Sync zuma-sepolicy to legacy folder Duplicate from zuma-sepolicy 7f3e2b9 Test: make selinux_policy Bug: 296187211 Change-Id: If686fbdcf058849479019e8b37bb1d57a0215ed6 Signed-off-by: Wilson Sung --- legacy/OWNERS | 3 + legacy/{ => legacy}/private/property_contexts | 0 .../system_ext/private/property_contexts | 2 + legacy/legacy/system_ext/public/property.te | 2 + .../{ => legacy}/whitechapel_pro/attributes | 0 .../certs/EuiccSupportPixel.x509.pem | 0 .../certs/com_qorvo_uwb.x509.pem | 0 legacy/{ => legacy}/whitechapel_pro/device.te | 3 - legacy/{ => legacy}/whitechapel_pro/file.te | 3 - .../whitechapel_pro/file_contexts | 5 - .../whitechapel_pro/genfs_contexts | 0 .../hal_input_processor_default.te | 0 legacy/legacy/whitechapel_pro/keys.conf | 5 + .../whitechapel_pro/mac_permissions.xml | 0 .../{ => legacy}/whitechapel_pro/property.te | 0 .../whitechapel_pro/property_contexts | 0 .../{ => legacy}/whitechapel_pro/service.te | 0 .../whitechapel_pro/service_contexts | 0 legacy/{ => legacy}/whitechapel_pro/te_macros | 0 .../whitechapel_pro/vndservice.te | 0 .../whitechapel_pro/vndservice_contexts | 0 {private => legacy/private}/vendor_init.te | 0 {radio => legacy/radio}/bipchmgr.te | 0 .../radio}/cat_engine_service_app.te | 0 {radio => legacy/radio}/cbd.te | 0 {radio => legacy/radio}/cbrs_setup.te | 0 .../radio}/certs/com_google_mds.x509.pem | 0 {radio => legacy/radio}/device.te | 0 {radio => legacy/radio}/dmd.te | 0 {radio => legacy/radio}/file.te | 0 {radio => legacy/radio}/file_contexts | 0 {radio => legacy/radio}/fsck.te | 0 {radio => legacy/radio}/genfs_contexts | 5 +- {radio => legacy/radio}/gpsd.te | 0 {radio => legacy/radio}/grilservice_app.te | 1 + .../radio}/hal_radioext_default.te | 1 + {radio => legacy/radio}/hwservice.te | 0 {radio => legacy/radio}/hwservice_contexts | 0 {radio => legacy/radio}/hwservicemanager.te | 0 {radio => legacy/radio}/init.te | 0 {radio => legacy/radio}/init_radio.te | 0 legacy/radio/keys.conf | 3 + {radio => legacy/radio}/logger_app.te | 3 + {radio => legacy/radio}/mac_permissions.xml | 0 .../radio}/modem_diagnostic_app.te | 0 .../radio}/modem_logging_control.te | 0 {radio => legacy/radio}/modem_ml_svc_sit.te | 0 {radio => legacy/radio}/modem_svc_sit.te | 0 {radio => legacy/radio}/oemrilservice_app.te | 0 {radio => legacy/radio}/private/radio.te | 0 .../radio}/private/service_contexts | 0 {radio => legacy/radio}/property.te | 0 {radio => legacy/radio}/property_contexts | 0 legacy/radio/radio.te | 8 + {radio => legacy/radio}/rfsd.te | 0 legacy/radio/rild.te | 42 ++ {radio => legacy/radio}/sced.te | 0 {radio => legacy/radio}/seapp_contexts | 0 {radio => legacy/radio}/ssr_detector.te | 0 {radio => legacy/radio}/vcd.te | 0 .../radio}/vendor_engineermode_app.te | 0 {radio => legacy/radio}/vendor_ims_app.te | 0 .../radio}/vendor_ims_remote_app.te | 0 {radio => legacy/radio}/vendor_init.te | 0 .../radio}/vendor_qualifiednetworks_app.te | 0 {radio => legacy/radio}/vendor_rcs_app.te | 0 .../radio}/vendor_rcs_service_app.te | 0 .../radio}/vendor_silentlogging_remote_app.te | 0 .../radio}/vendor_telephony_debug_app.te | 0 .../vendor_telephony_silentlogging_app.te | 0 .../radio}/vendor_telephony_test_app.te | 0 {radio => legacy/radio}/vold.te | 0 .../system_ext}/private/platform_app.te | 0 legacy/system_ext/private/property_contexts | 2 - legacy/system_ext/private/seapp_contexts | 0 legacy/system_ext/private/systemui_app.te | 20 + legacy/system_ext/public/property.te | 6 +- legacy/system_ext/public/systemui_app.te | 0 legacy/tracking_denials/README.txt | 2 + legacy/tracking_denials/bug_map | 10 + legacy/tracking_denials/kernel.te | 2 + .../rebalance_interrupts_vendor.te | 0 {vendor => legacy/vendor}/audioserver.te | 0 {vendor => legacy/vendor}/bootanim.te | 0 .../vendor}/cccdk_timesync_app.te | 3 +- legacy/vendor/certs/app.x509.pem | 27 + legacy/vendor/certs/camera_eng.x509.pem | 17 + legacy/vendor/certs/camera_fishfood.x509.pem | 15 + ...ogle_android_apps_camera_services.x509.pem | 30 + {vendor => legacy/vendor}/charger_vendor.te | 0 legacy/vendor/chre.te | 16 + legacy/vendor/con_monitor_app.te | 12 + legacy/vendor/debug_camera_app.te | 26 + legacy/vendor/device.te | 29 + .../disable-contaminant-detection-sh.te | 7 + {vendor => legacy/vendor}/domain.te | 0 legacy/vendor/dump_cma.te | 7 + {vendor => legacy/vendor}/dump_gsa.te | 0 {vendor => legacy/vendor}/dump_power.te | 0 {vendor => legacy/vendor}/dump_wlan.te | 0 {vendor => legacy/vendor}/dumpstate.te | 0 {vendor => legacy/vendor}/e2fs.te | 0 {vendor => legacy/vendor}/euiccpixel_app.te | 0 legacy/vendor/fastbootd.te | 6 + legacy/vendor/file.te | 57 ++ legacy/vendor/file_contexts | 181 ++++++ {vendor => legacy/vendor}/fsck.te | 0 legacy/vendor/genfs_contexts | 501 ++++++++++++++++ legacy/vendor/google_camera_app.te | 23 + legacy/vendor/gxp_logging.te | 22 + .../vendor}/hal_bluetooth_btlinux.te | 0 .../vendor}/hal_bootctl_default.te | 4 + .../vendor}/hal_camera_default.te | 7 + .../vendor}/hal_contexthub_default.te | 0 .../vendor}/hal_fingerprint_default.te | 4 + .../vendor/hal_graphics_allocator_default.te | 6 + .../vendor}/hal_graphics_composer_default.te | 0 legacy/vendor/hal_health_default.te | 16 + .../vendor}/hal_memtrack_default.te | 0 {vendor => legacy/vendor}/hal_nfc_default.te | 0 .../vendor}/hal_power_default.te | 4 +- .../vendor}/hal_power_stats_default.te | 1 + .../vendor}/hal_radioext_default.te | 0 .../hal_secure_element_st54spi_aidl.te | 0 .../vendor}/hal_secure_element_uicc.te | 0 .../vendor}/hal_sensors_default.te | 6 + .../vendor}/hal_thermal_default.te | 0 .../vendor}/hal_usb_gadget_impl.te | 0 {vendor => legacy/vendor}/hal_usb_impl.te | 1 + .../vendor}/hal_uwb_vendor_default.te | 4 + {vendor => legacy/vendor}/hal_wifi_ext.te | 0 .../vendor}/hal_wireless_charger.te | 0 {vendor => legacy/vendor}/hwservice.te | 0 {vendor => legacy/vendor}/hwservice_contexts | 0 {vendor => legacy/vendor}/init.te | 0 {vendor => legacy/vendor}/insmod-sh.te | 0 {vendor => legacy/vendor}/installd.te | 0 legacy/vendor/kernel.te | 24 + {vendor => legacy/vendor}/logd.te | 0 {vendor => legacy/vendor}/mac_permissions.xml | 0 .../vendor}/mediacodec_google.te | 1 + legacy/vendor/pixeldisplayservice_app.te | 11 + legacy/vendor/pixelstats_vendor.te | 35 ++ {vendor => legacy/vendor}/platform_app.te | 0 {vendor => legacy/vendor}/property.te | 3 + {vendor => legacy/vendor}/property_contexts | 4 + {vendor => legacy/vendor}/ramdump_app.te | 0 {vendor => legacy/vendor}/recovery.te | 0 {vendor => legacy/vendor}/rlsservice.te | 0 legacy/vendor/seapp_contexts | 31 + {vendor => legacy/vendor}/service.te | 0 {vendor => legacy/vendor}/service_contexts | 0 {vendor => legacy/vendor}/shell.te | 0 {vendor => legacy/vendor}/surfaceflinger.te | 0 {vendor => legacy/vendor}/system_app.te | 0 {vendor => legacy/vendor}/system_server.te | 1 + {vendor => legacy/vendor}/systemui_app.te | 0 {vendor => legacy/vendor}/tcpdump_logger.te | 0 {vendor => legacy/vendor}/tee.te | 0 {vendor => legacy/vendor}/toolbox.te | 0 {vendor => legacy/vendor}/trusty_apploader.te | 0 {vendor => legacy/vendor}/trusty_metricsd.te | 0 {vendor => legacy/vendor}/twoshay.te | 0 .../vendor}/ufs_firmware_update.te | 0 {vendor => legacy/vendor}/update_engine.te | 0 {vendor => legacy/vendor}/uwb_vendor_app.te | 0 {vendor => legacy/vendor}/vendor_init.te | 9 +- {vendor => legacy/vendor}/vendor_uwb_init.te | 3 + {vendor => legacy/vendor}/vndservice.te | 0 {vendor => legacy/vendor}/vndservice_contexts | 0 {vendor => legacy/vendor}/wifi_sniffer.te | 0 legacy/whitechapel_pro/keys.conf | 5 - {widevine => legacy/widevine}/file.te | 0 {widevine => legacy/widevine}/file_contexts | 0 .../widevine}/hal_drm_clearkey.te | 0 .../widevine}/hal_drm_widevine.te | 0 .../widevine}/service_contexts | 0 radio/keys.conf | 3 - radio/radio.te | 6 - tracking_denials/con_monitor_app.te | 36 -- tracking_denials/dumpstate.te | 2 - tracking_denials/fastbootd.te | 4 - tracking_denials/hal_sensors_default.te | 3 - tracking_denials/hal_usb_impl.te | 2 - tracking_denials/incidentd.te | 3 - tracking_denials/kernel.te | 7 - tracking_denials/ssr_detector_app.te | 6 - tracking_denials/update_engine.te | 2 - tracking_denials/vendor_init.te | 3 - vendor/chre.te | 16 - vendor/con_monitor_app.te | 3 - vendor/debug_camera_app.te | 8 - vendor/device.te | 20 - vendor/file.te | 55 +- vendor/file_contexts | 181 +----- vendor/genfs_contexts | 560 ++---------------- vendor/google_camera_app.te | 7 - vendor/gxp_logging.te | 10 - vendor/hal_graphics_allocator_default.te | 6 +- vendor/hal_health_default.te | 15 - vendor/kernel.te | 15 - vendor/pixeldisplayservice_app.te | 2 - vendor/pixelstats_vendor.te | 23 - vendor/seapp_contexts | 15 - zumapro-sepolicy.mk | 11 +- 205 files changed, 1314 insertions(+), 997 deletions(-) create mode 100644 legacy/OWNERS rename legacy/{ => legacy}/private/property_contexts (100%) create mode 100644 legacy/legacy/system_ext/private/property_contexts create mode 100644 legacy/legacy/system_ext/public/property.te rename legacy/{ => legacy}/whitechapel_pro/attributes (100%) rename legacy/{ => legacy}/whitechapel_pro/certs/EuiccSupportPixel.x509.pem (100%) rename legacy/{ => legacy}/whitechapel_pro/certs/com_qorvo_uwb.x509.pem (100%) rename legacy/{ => legacy}/whitechapel_pro/device.te (70%) rename legacy/{ => legacy}/whitechapel_pro/file.te (82%) rename legacy/{ => legacy}/whitechapel_pro/file_contexts (93%) rename legacy/{ => legacy}/whitechapel_pro/genfs_contexts (100%) rename legacy/{ => legacy}/whitechapel_pro/hal_input_processor_default.te (100%) create mode 100644 legacy/legacy/whitechapel_pro/keys.conf rename legacy/{ => legacy}/whitechapel_pro/mac_permissions.xml (100%) rename legacy/{ => legacy}/whitechapel_pro/property.te (100%) rename legacy/{ => legacy}/whitechapel_pro/property_contexts (100%) rename legacy/{ => legacy}/whitechapel_pro/service.te (100%) rename legacy/{ => legacy}/whitechapel_pro/service_contexts (100%) rename legacy/{ => legacy}/whitechapel_pro/te_macros (100%) rename legacy/{ => legacy}/whitechapel_pro/vndservice.te (100%) rename legacy/{ => legacy}/whitechapel_pro/vndservice_contexts (100%) rename {private => legacy/private}/vendor_init.te (100%) rename {radio => legacy/radio}/bipchmgr.te (100%) rename {radio => legacy/radio}/cat_engine_service_app.te (100%) rename {radio => legacy/radio}/cbd.te (100%) rename {radio => legacy/radio}/cbrs_setup.te (100%) rename {radio => legacy/radio}/certs/com_google_mds.x509.pem (100%) rename {radio => legacy/radio}/device.te (100%) rename {radio => legacy/radio}/dmd.te (100%) rename {radio => legacy/radio}/file.te (100%) rename {radio => legacy/radio}/file_contexts (100%) rename {radio => legacy/radio}/fsck.te (100%) rename {radio => legacy/radio}/genfs_contexts (63%) rename {radio => legacy/radio}/gpsd.te (100%) rename {radio => legacy/radio}/grilservice_app.te (92%) rename {radio => legacy/radio}/hal_radioext_default.te (92%) rename {radio => legacy/radio}/hwservice.te (100%) rename {radio => legacy/radio}/hwservice_contexts (100%) rename {radio => legacy/radio}/hwservicemanager.te (100%) rename {radio => legacy/radio}/init.te (100%) rename {radio => legacy/radio}/init_radio.te (100%) create mode 100644 legacy/radio/keys.conf rename {radio => legacy/radio}/logger_app.te (91%) rename {radio => legacy/radio}/mac_permissions.xml (100%) rename {radio => legacy/radio}/modem_diagnostic_app.te (100%) rename {radio => legacy/radio}/modem_logging_control.te (100%) rename {radio => legacy/radio}/modem_ml_svc_sit.te (100%) rename {radio => legacy/radio}/modem_svc_sit.te (100%) rename {radio => legacy/radio}/oemrilservice_app.te (100%) rename {radio => legacy/radio}/private/radio.te (100%) rename {radio => legacy/radio}/private/service_contexts (100%) rename {radio => legacy/radio}/property.te (100%) rename {radio => legacy/radio}/property_contexts (100%) create mode 100644 legacy/radio/radio.te rename {radio => legacy/radio}/rfsd.te (100%) create mode 100644 legacy/radio/rild.te rename {radio => legacy/radio}/sced.te (100%) rename {radio => legacy/radio}/seapp_contexts (100%) rename {radio => legacy/radio}/ssr_detector.te (100%) rename {radio => legacy/radio}/vcd.te (100%) rename {radio => legacy/radio}/vendor_engineermode_app.te (100%) rename {radio => legacy/radio}/vendor_ims_app.te (100%) rename {radio => legacy/radio}/vendor_ims_remote_app.te (100%) rename {radio => legacy/radio}/vendor_init.te (100%) rename {radio => legacy/radio}/vendor_qualifiednetworks_app.te (100%) rename {radio => legacy/radio}/vendor_rcs_app.te (100%) rename {radio => legacy/radio}/vendor_rcs_service_app.te (100%) rename {radio => legacy/radio}/vendor_silentlogging_remote_app.te (100%) rename {radio => legacy/radio}/vendor_telephony_debug_app.te (100%) rename {radio => legacy/radio}/vendor_telephony_silentlogging_app.te (100%) rename {radio => legacy/radio}/vendor_telephony_test_app.te (100%) rename {radio => legacy/radio}/vold.te (100%) rename {system_ext => legacy/system_ext}/private/platform_app.te (100%) create mode 100644 legacy/system_ext/private/seapp_contexts create mode 100644 legacy/system_ext/private/systemui_app.te create mode 100644 legacy/system_ext/public/systemui_app.te create mode 100644 legacy/tracking_denials/README.txt create mode 100644 legacy/tracking_denials/bug_map create mode 100644 legacy/tracking_denials/kernel.te rename {tracking_denials => legacy/tracking_denials}/rebalance_interrupts_vendor.te (100%) rename {vendor => legacy/vendor}/audioserver.te (100%) rename {vendor => legacy/vendor}/bootanim.te (100%) rename {vendor => legacy/vendor}/cccdk_timesync_app.te (77%) create mode 100644 legacy/vendor/certs/app.x509.pem create mode 100644 legacy/vendor/certs/camera_eng.x509.pem create mode 100644 legacy/vendor/certs/camera_fishfood.x509.pem create mode 100644 legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem rename {vendor => legacy/vendor}/charger_vendor.te (100%) create mode 100644 legacy/vendor/chre.te create mode 100644 legacy/vendor/con_monitor_app.te create mode 100644 legacy/vendor/debug_camera_app.te create mode 100644 legacy/vendor/device.te create mode 100644 legacy/vendor/disable-contaminant-detection-sh.te rename {vendor => legacy/vendor}/domain.te (100%) create mode 100644 legacy/vendor/dump_cma.te rename {vendor => legacy/vendor}/dump_gsa.te (100%) rename {vendor => legacy/vendor}/dump_power.te (100%) rename {vendor => legacy/vendor}/dump_wlan.te (100%) rename {vendor => legacy/vendor}/dumpstate.te (100%) rename {vendor => legacy/vendor}/e2fs.te (100%) rename {vendor => legacy/vendor}/euiccpixel_app.te (100%) create mode 100644 legacy/vendor/fastbootd.te create mode 100644 legacy/vendor/file.te create mode 100644 legacy/vendor/file_contexts rename {vendor => legacy/vendor}/fsck.te (100%) create mode 100644 legacy/vendor/genfs_contexts create mode 100644 legacy/vendor/google_camera_app.te create mode 100644 legacy/vendor/gxp_logging.te rename {vendor => legacy/vendor}/hal_bluetooth_btlinux.te (100%) rename {vendor => legacy/vendor}/hal_bootctl_default.te (77%) rename {vendor => legacy/vendor}/hal_camera_default.te (93%) rename {vendor => legacy/vendor}/hal_contexthub_default.te (100%) rename {vendor => legacy/vendor}/hal_fingerprint_default.te (91%) create mode 100644 legacy/vendor/hal_graphics_allocator_default.te rename {vendor => legacy/vendor}/hal_graphics_composer_default.te (100%) create mode 100644 legacy/vendor/hal_health_default.te rename {vendor => legacy/vendor}/hal_memtrack_default.te (100%) rename {vendor => legacy/vendor}/hal_nfc_default.te (100%) rename {vendor => legacy/vendor}/hal_power_default.te (66%) rename {vendor => legacy/vendor}/hal_power_stats_default.te (94%) rename {vendor => legacy/vendor}/hal_radioext_default.te (100%) rename {vendor => legacy/vendor}/hal_secure_element_st54spi_aidl.te (100%) rename {vendor => legacy/vendor}/hal_secure_element_uicc.te (100%) rename {vendor => legacy/vendor}/hal_sensors_default.te (91%) rename {vendor => legacy/vendor}/hal_thermal_default.te (100%) rename {vendor => legacy/vendor}/hal_usb_gadget_impl.te (100%) rename {vendor => legacy/vendor}/hal_usb_impl.te (93%) rename {vendor => legacy/vendor}/hal_uwb_vendor_default.te (54%) rename {vendor => legacy/vendor}/hal_wifi_ext.te (100%) rename {vendor => legacy/vendor}/hal_wireless_charger.te (100%) rename {vendor => legacy/vendor}/hwservice.te (100%) rename {vendor => legacy/vendor}/hwservice_contexts (100%) rename {vendor => legacy/vendor}/init.te (100%) rename {vendor => legacy/vendor}/insmod-sh.te (100%) rename {vendor => legacy/vendor}/installd.te (100%) create mode 100644 legacy/vendor/kernel.te rename {vendor => legacy/vendor}/logd.te (100%) rename {vendor => legacy/vendor}/mac_permissions.xml (100%) rename {vendor => legacy/vendor}/mediacodec_google.te (95%) create mode 100644 legacy/vendor/pixeldisplayservice_app.te create mode 100644 legacy/vendor/pixelstats_vendor.te rename {vendor => legacy/vendor}/platform_app.te (100%) rename {vendor => legacy/vendor}/property.te (87%) rename {vendor => legacy/vendor}/property_contexts (87%) rename {vendor => legacy/vendor}/ramdump_app.te (100%) rename {vendor => legacy/vendor}/recovery.te (100%) rename {vendor => legacy/vendor}/rlsservice.te (100%) create mode 100644 legacy/vendor/seapp_contexts rename {vendor => legacy/vendor}/service.te (100%) rename {vendor => legacy/vendor}/service_contexts (100%) rename {vendor => legacy/vendor}/shell.te (100%) rename {vendor => legacy/vendor}/surfaceflinger.te (100%) rename {vendor => legacy/vendor}/system_app.te (100%) rename {vendor => legacy/vendor}/system_server.te (82%) rename {vendor => legacy/vendor}/systemui_app.te (100%) rename {vendor => legacy/vendor}/tcpdump_logger.te (100%) rename {vendor => legacy/vendor}/tee.te (100%) rename {vendor => legacy/vendor}/toolbox.te (100%) rename {vendor => legacy/vendor}/trusty_apploader.te (100%) rename {vendor => legacy/vendor}/trusty_metricsd.te (100%) rename {vendor => legacy/vendor}/twoshay.te (100%) rename {vendor => legacy/vendor}/ufs_firmware_update.te (100%) rename {vendor => legacy/vendor}/update_engine.te (100%) rename {vendor => legacy/vendor}/uwb_vendor_app.te (100%) rename {vendor => legacy/vendor}/vendor_init.te (88%) rename {vendor => legacy/vendor}/vendor_uwb_init.te (53%) rename {vendor => legacy/vendor}/vndservice.te (100%) rename {vendor => legacy/vendor}/vndservice_contexts (100%) rename {vendor => legacy/vendor}/wifi_sniffer.te (100%) delete mode 100644 legacy/whitechapel_pro/keys.conf rename {widevine => legacy/widevine}/file.te (100%) rename {widevine => legacy/widevine}/file_contexts (100%) rename {widevine => legacy/widevine}/hal_drm_clearkey.te (100%) rename {widevine => legacy/widevine}/hal_drm_widevine.te (100%) rename {widevine => legacy/widevine}/service_contexts (100%) delete mode 100644 radio/keys.conf delete mode 100644 tracking_denials/con_monitor_app.te delete mode 100644 tracking_denials/dumpstate.te delete mode 100644 tracking_denials/fastbootd.te delete mode 100644 tracking_denials/hal_sensors_default.te delete mode 100644 tracking_denials/hal_usb_impl.te delete mode 100644 tracking_denials/incidentd.te delete mode 100644 tracking_denials/kernel.te delete mode 100644 tracking_denials/ssr_detector_app.te delete mode 100644 tracking_denials/update_engine.te delete mode 100644 tracking_denials/vendor_init.te delete mode 100644 vendor/con_monitor_app.te delete mode 100644 vendor/debug_camera_app.te delete mode 100644 vendor/google_camera_app.te delete mode 100644 vendor/gxp_logging.te delete mode 100644 vendor/kernel.te delete mode 100644 vendor/pixeldisplayservice_app.te delete mode 100644 vendor/seapp_contexts diff --git a/legacy/OWNERS b/legacy/OWNERS new file mode 100644 index 0000000..791abb4 --- /dev/null +++ b/legacy/OWNERS @@ -0,0 +1,3 @@ +include platform/system/sepolicy:/OWNERS + +rurumihong@google.com diff --git a/legacy/private/property_contexts b/legacy/legacy/private/property_contexts similarity index 100% rename from legacy/private/property_contexts rename to legacy/legacy/private/property_contexts diff --git a/legacy/legacy/system_ext/private/property_contexts b/legacy/legacy/system_ext/private/property_contexts new file mode 100644 index 0000000..9f462bd --- /dev/null +++ b/legacy/legacy/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/legacy/system_ext/public/property.te b/legacy/legacy/system_ext/public/property.te new file mode 100644 index 0000000..8908e48 --- /dev/null +++ b/legacy/legacy/system_ext/public/property.te @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/whitechapel_pro/attributes b/legacy/legacy/whitechapel_pro/attributes similarity index 100% rename from legacy/whitechapel_pro/attributes rename to legacy/legacy/whitechapel_pro/attributes diff --git a/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem similarity index 100% rename from legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem rename to legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem similarity index 100% rename from legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem rename to legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem diff --git a/legacy/whitechapel_pro/device.te b/legacy/legacy/whitechapel_pro/device.te similarity index 70% rename from legacy/whitechapel_pro/device.te rename to legacy/legacy/whitechapel_pro/device.te index bf6f21c..7d31940 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/legacy/whitechapel_pro/device.te @@ -2,6 +2,3 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/whitechapel_pro/file.te b/legacy/legacy/whitechapel_pro/file.te similarity index 82% rename from legacy/whitechapel_pro/file.te rename to legacy/legacy/whitechapel_pro/file.te index 23d748b..f59a80b 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/legacy/whitechapel_pro/file.te @@ -2,8 +2,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; -type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; -type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; @@ -19,7 +17,6 @@ type vendor_regmap_debugfs, fs_type, debugfs_type; # persist type persist_ss_file, file_type, vendor_persist_type; -type persist_uwb_file, file_type, vendor_persist_type; # Storage Health HAL type proc_f2fs, proc_type, fs_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/legacy/whitechapel_pro/file_contexts similarity index 93% rename from legacy/whitechapel_pro/file_contexts rename to legacy/legacy/whitechapel_pro/file_contexts index a9901c0..3ee41cd 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/legacy/whitechapel_pro/file_contexts @@ -41,13 +41,8 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 -/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/legacy/whitechapel_pro/genfs_contexts similarity index 100% rename from legacy/whitechapel_pro/genfs_contexts rename to legacy/legacy/whitechapel_pro/genfs_contexts diff --git a/legacy/whitechapel_pro/hal_input_processor_default.te b/legacy/legacy/whitechapel_pro/hal_input_processor_default.te similarity index 100% rename from legacy/whitechapel_pro/hal_input_processor_default.te rename to legacy/legacy/whitechapel_pro/hal_input_processor_default.te diff --git a/legacy/legacy/whitechapel_pro/keys.conf b/legacy/legacy/whitechapel_pro/keys.conf new file mode 100644 index 0000000..acc82e4 --- /dev/null +++ b/legacy/legacy/whitechapel_pro/keys.conf @@ -0,0 +1,5 @@ +[@UWB] +ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/whitechapel_pro/mac_permissions.xml b/legacy/legacy/whitechapel_pro/mac_permissions.xml similarity index 100% rename from legacy/whitechapel_pro/mac_permissions.xml rename to legacy/legacy/whitechapel_pro/mac_permissions.xml diff --git a/legacy/whitechapel_pro/property.te b/legacy/legacy/whitechapel_pro/property.te similarity index 100% rename from legacy/whitechapel_pro/property.te rename to legacy/legacy/whitechapel_pro/property.te diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/legacy/whitechapel_pro/property_contexts similarity index 100% rename from legacy/whitechapel_pro/property_contexts rename to legacy/legacy/whitechapel_pro/property_contexts diff --git a/legacy/whitechapel_pro/service.te b/legacy/legacy/whitechapel_pro/service.te similarity index 100% rename from legacy/whitechapel_pro/service.te rename to legacy/legacy/whitechapel_pro/service.te diff --git a/legacy/whitechapel_pro/service_contexts b/legacy/legacy/whitechapel_pro/service_contexts similarity index 100% rename from legacy/whitechapel_pro/service_contexts rename to legacy/legacy/whitechapel_pro/service_contexts diff --git a/legacy/whitechapel_pro/te_macros b/legacy/legacy/whitechapel_pro/te_macros similarity index 100% rename from legacy/whitechapel_pro/te_macros rename to legacy/legacy/whitechapel_pro/te_macros diff --git a/legacy/whitechapel_pro/vndservice.te b/legacy/legacy/whitechapel_pro/vndservice.te similarity index 100% rename from legacy/whitechapel_pro/vndservice.te rename to legacy/legacy/whitechapel_pro/vndservice.te diff --git a/legacy/whitechapel_pro/vndservice_contexts b/legacy/legacy/whitechapel_pro/vndservice_contexts similarity index 100% rename from legacy/whitechapel_pro/vndservice_contexts rename to legacy/legacy/whitechapel_pro/vndservice_contexts diff --git a/private/vendor_init.te b/legacy/private/vendor_init.te similarity index 100% rename from private/vendor_init.te rename to legacy/private/vendor_init.te diff --git a/radio/bipchmgr.te b/legacy/radio/bipchmgr.te similarity index 100% rename from radio/bipchmgr.te rename to legacy/radio/bipchmgr.te diff --git a/radio/cat_engine_service_app.te b/legacy/radio/cat_engine_service_app.te similarity index 100% rename from radio/cat_engine_service_app.te rename to legacy/radio/cat_engine_service_app.te diff --git a/radio/cbd.te b/legacy/radio/cbd.te similarity index 100% rename from radio/cbd.te rename to legacy/radio/cbd.te diff --git a/radio/cbrs_setup.te b/legacy/radio/cbrs_setup.te similarity index 100% rename from radio/cbrs_setup.te rename to legacy/radio/cbrs_setup.te diff --git a/radio/certs/com_google_mds.x509.pem b/legacy/radio/certs/com_google_mds.x509.pem similarity index 100% rename from radio/certs/com_google_mds.x509.pem rename to legacy/radio/certs/com_google_mds.x509.pem diff --git a/radio/device.te b/legacy/radio/device.te similarity index 100% rename from radio/device.te rename to legacy/radio/device.te diff --git a/radio/dmd.te b/legacy/radio/dmd.te similarity index 100% rename from radio/dmd.te rename to legacy/radio/dmd.te diff --git a/radio/file.te b/legacy/radio/file.te similarity index 100% rename from radio/file.te rename to legacy/radio/file.te diff --git a/radio/file_contexts b/legacy/radio/file_contexts similarity index 100% rename from radio/file_contexts rename to legacy/radio/file_contexts diff --git a/radio/fsck.te b/legacy/radio/fsck.te similarity index 100% rename from radio/fsck.te rename to legacy/radio/fsck.te diff --git a/radio/genfs_contexts b/legacy/radio/genfs_contexts similarity index 63% rename from radio/genfs_contexts rename to legacy/radio/genfs_contexts index 347e461..6f0199f 100644 --- a/radio/genfs_contexts +++ b/legacy/radio/genfs_contexts @@ -4,8 +4,5 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 -# GPS -genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 - # Modem -genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 diff --git a/radio/gpsd.te b/legacy/radio/gpsd.te similarity index 100% rename from radio/gpsd.te rename to legacy/radio/gpsd.te diff --git a/radio/grilservice_app.te b/legacy/radio/grilservice_app.te similarity index 92% rename from radio/grilservice_app.te rename to legacy/radio/grilservice_app.te index 2525bab..16976c9 100644 --- a/radio/grilservice_app.te +++ b/legacy/radio/grilservice_app.te @@ -3,6 +3,7 @@ app_domain(grilservice_app) allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; diff --git a/radio/hal_radioext_default.te b/legacy/radio/hal_radioext_default.te similarity index 92% rename from radio/hal_radioext_default.te rename to legacy/radio/hal_radioext_default.te index 6e17e19..7bc0e96 100644 --- a/radio/hal_radioext_default.te +++ b/legacy/radio/hal_radioext_default.te @@ -19,6 +19,7 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; # Twoshay binder_use(hal_radioext_default) diff --git a/radio/hwservice.te b/legacy/radio/hwservice.te similarity index 100% rename from radio/hwservice.te rename to legacy/radio/hwservice.te diff --git a/radio/hwservice_contexts b/legacy/radio/hwservice_contexts similarity index 100% rename from radio/hwservice_contexts rename to legacy/radio/hwservice_contexts diff --git a/radio/hwservicemanager.te b/legacy/radio/hwservicemanager.te similarity index 100% rename from radio/hwservicemanager.te rename to legacy/radio/hwservicemanager.te diff --git a/radio/init.te b/legacy/radio/init.te similarity index 100% rename from radio/init.te rename to legacy/radio/init.te diff --git a/radio/init_radio.te b/legacy/radio/init_radio.te similarity index 100% rename from radio/init_radio.te rename to legacy/radio/init_radio.te diff --git a/legacy/radio/keys.conf b/legacy/radio/keys.conf new file mode 100644 index 0000000..4784c60 --- /dev/null +++ b/legacy/radio/keys.conf @@ -0,0 +1,3 @@ +[@MDS] +ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem + diff --git a/radio/logger_app.te b/legacy/radio/logger_app.te similarity index 91% rename from radio/logger_app.te rename to legacy/radio/logger_app.te index 098955d..ab43385 100644 --- a/radio/logger_app.te +++ b/legacy/radio/logger_app.te @@ -5,6 +5,9 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:file create_file_perms; allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; + + binder_call(logger_app, rild) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/radio/mac_permissions.xml b/legacy/radio/mac_permissions.xml similarity index 100% rename from radio/mac_permissions.xml rename to legacy/radio/mac_permissions.xml diff --git a/radio/modem_diagnostic_app.te b/legacy/radio/modem_diagnostic_app.te similarity index 100% rename from radio/modem_diagnostic_app.te rename to legacy/radio/modem_diagnostic_app.te diff --git a/radio/modem_logging_control.te b/legacy/radio/modem_logging_control.te similarity index 100% rename from radio/modem_logging_control.te rename to legacy/radio/modem_logging_control.te diff --git a/radio/modem_ml_svc_sit.te b/legacy/radio/modem_ml_svc_sit.te similarity index 100% rename from radio/modem_ml_svc_sit.te rename to legacy/radio/modem_ml_svc_sit.te diff --git a/radio/modem_svc_sit.te b/legacy/radio/modem_svc_sit.te similarity index 100% rename from radio/modem_svc_sit.te rename to legacy/radio/modem_svc_sit.te diff --git a/radio/oemrilservice_app.te b/legacy/radio/oemrilservice_app.te similarity index 100% rename from radio/oemrilservice_app.te rename to legacy/radio/oemrilservice_app.te diff --git a/radio/private/radio.te b/legacy/radio/private/radio.te similarity index 100% rename from radio/private/radio.te rename to legacy/radio/private/radio.te diff --git a/radio/private/service_contexts b/legacy/radio/private/service_contexts similarity index 100% rename from radio/private/service_contexts rename to legacy/radio/private/service_contexts diff --git a/radio/property.te b/legacy/radio/property.te similarity index 100% rename from radio/property.te rename to legacy/radio/property.te diff --git a/radio/property_contexts b/legacy/radio/property_contexts similarity index 100% rename from radio/property_contexts rename to legacy/radio/property_contexts diff --git a/legacy/radio/radio.te b/legacy/radio/radio.te new file mode 100644 index 0000000..221c812 --- /dev/null +++ b/legacy/radio/radio.te @@ -0,0 +1,8 @@ +set_prop(radio, telephony_ril_prop) + +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; +allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; +allow radio aoc_device:chr_file rw_file_perms; +allow radio hal_audio_ext_hwservice:hwservice_manager find; +binder_call(radio, hal_audio_default) diff --git a/radio/rfsd.te b/legacy/radio/rfsd.te similarity index 100% rename from radio/rfsd.te rename to legacy/radio/rfsd.te diff --git a/legacy/radio/rild.te b/legacy/radio/rild.te new file mode 100644 index 0000000..3a2bac7 --- /dev/null +++ b/legacy/radio/rild.te @@ -0,0 +1,42 @@ +set_prop(rild, vendor_rild_prop) +set_prop(rild, vendor_modem_prop) +get_prop(rild, vendor_persist_config_default_prop) +get_prop(rild, vendor_carrier_prop) + +get_prop(rild, sota_prop) +get_prop(rild, system_boot_reason_prop) + +set_prop(rild, telephony_ril_prop) + +allow rild proc_net:file rw_file_perms; +allow rild radio_vendor_data_file:dir create_dir_perms; +allow rild radio_vendor_data_file:file create_file_perms; +allow rild rild_vendor_data_file:dir create_dir_perms; +allow rild rild_vendor_data_file:file create_file_perms; +allow rild vendor_fw_file:file r_file_perms; +allow rild mnt_vendor_file:dir r_dir_perms; + +r_dir_file(rild, modem_img_file) + +binder_call(rild, bipchmgr) +binder_call(rild, gpsd) +binder_call(rild, hal_audio_default) +binder_call(rild, modem_svc_sit) +binder_call(rild, vendor_ims_app) +binder_call(rild, vendor_rcs_app) +binder_call(rild, oemrilservice_app) +binder_call(rild, hal_secure_element_uicc) +binder_call(rild, grilservice_app) +binder_call(rild, vendor_engineermode_app) +binder_call(rild, vendor_telephony_debug_app) +binder_call(rild, logger_app) + +crash_dump_fallback(rild) + +# for hal service +add_hwservice(rild, hal_exynos_rild_hwservice) + +# Allow rild to access files on modem img. +allow rild modem_img_file:dir r_dir_perms; +allow rild modem_img_file:file r_file_perms; +allow rild modem_img_file:lnk_file r_file_perms; diff --git a/radio/sced.te b/legacy/radio/sced.te similarity index 100% rename from radio/sced.te rename to legacy/radio/sced.te diff --git a/radio/seapp_contexts b/legacy/radio/seapp_contexts similarity index 100% rename from radio/seapp_contexts rename to legacy/radio/seapp_contexts diff --git a/radio/ssr_detector.te b/legacy/radio/ssr_detector.te similarity index 100% rename from radio/ssr_detector.te rename to legacy/radio/ssr_detector.te diff --git a/radio/vcd.te b/legacy/radio/vcd.te similarity index 100% rename from radio/vcd.te rename to legacy/radio/vcd.te diff --git a/radio/vendor_engineermode_app.te b/legacy/radio/vendor_engineermode_app.te similarity index 100% rename from radio/vendor_engineermode_app.te rename to legacy/radio/vendor_engineermode_app.te diff --git a/radio/vendor_ims_app.te b/legacy/radio/vendor_ims_app.te similarity index 100% rename from radio/vendor_ims_app.te rename to legacy/radio/vendor_ims_app.te diff --git a/radio/vendor_ims_remote_app.te b/legacy/radio/vendor_ims_remote_app.te similarity index 100% rename from radio/vendor_ims_remote_app.te rename to legacy/radio/vendor_ims_remote_app.te diff --git a/radio/vendor_init.te b/legacy/radio/vendor_init.te similarity index 100% rename from radio/vendor_init.te rename to legacy/radio/vendor_init.te diff --git a/radio/vendor_qualifiednetworks_app.te b/legacy/radio/vendor_qualifiednetworks_app.te similarity index 100% rename from radio/vendor_qualifiednetworks_app.te rename to legacy/radio/vendor_qualifiednetworks_app.te diff --git a/radio/vendor_rcs_app.te b/legacy/radio/vendor_rcs_app.te similarity index 100% rename from radio/vendor_rcs_app.te rename to legacy/radio/vendor_rcs_app.te diff --git a/radio/vendor_rcs_service_app.te b/legacy/radio/vendor_rcs_service_app.te similarity index 100% rename from radio/vendor_rcs_service_app.te rename to legacy/radio/vendor_rcs_service_app.te diff --git a/radio/vendor_silentlogging_remote_app.te b/legacy/radio/vendor_silentlogging_remote_app.te similarity index 100% rename from radio/vendor_silentlogging_remote_app.te rename to legacy/radio/vendor_silentlogging_remote_app.te diff --git a/radio/vendor_telephony_debug_app.te b/legacy/radio/vendor_telephony_debug_app.te similarity index 100% rename from radio/vendor_telephony_debug_app.te rename to legacy/radio/vendor_telephony_debug_app.te diff --git a/radio/vendor_telephony_silentlogging_app.te b/legacy/radio/vendor_telephony_silentlogging_app.te similarity index 100% rename from radio/vendor_telephony_silentlogging_app.te rename to legacy/radio/vendor_telephony_silentlogging_app.te diff --git a/radio/vendor_telephony_test_app.te b/legacy/radio/vendor_telephony_test_app.te similarity index 100% rename from radio/vendor_telephony_test_app.te rename to legacy/radio/vendor_telephony_test_app.te diff --git a/radio/vold.te b/legacy/radio/vold.te similarity index 100% rename from radio/vold.te rename to legacy/radio/vold.te diff --git a/system_ext/private/platform_app.te b/legacy/system_ext/private/platform_app.te similarity index 100% rename from system_ext/private/platform_app.te rename to legacy/system_ext/private/platform_app.te diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts index 9f462bd..e69de29 100644 --- a/legacy/system_ext/private/property_contexts +++ b/legacy/system_ext/private/property_contexts @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/private/seapp_contexts b/legacy/system_ext/private/seapp_contexts new file mode 100644 index 0000000..e69de29 diff --git a/legacy/system_ext/private/systemui_app.te b/legacy/system_ext/private/systemui_app.te new file mode 100644 index 0000000..99f30ac --- /dev/null +++ b/legacy/system_ext/private/systemui_app.te @@ -0,0 +1,20 @@ + +allow systemui_app app_api_service:service_manager find; +allow systemui_app network_score_service:service_manager find; +allow systemui_app overlay_service:service_manager find; +allow systemui_app color_display_service:service_manager find; +allow systemui_app audioserver_service:service_manager find; +allow systemui_app cameraserver_service:service_manager find; +allow systemui_app mediaserver_service:service_manager find; +allow systemui_app mediaextractor_service:service_manager find; +allow systemui_app mediametrics_service:service_manager find; +allow systemui_app radio_service:service_manager find; +allow systemui_app vr_manager_service:service_manager find; +allow systemui_app nfc_service:service_manager find; +allow systemui_app adb_service:service_manager find; +allow systemui_app statsmanager_service:service_manager find; + +get_prop(systemui_app, keyguard_config_prop) +set_prop(systemui_app, bootanim_system_prop) +get_prop(systemui_app, qemu_hw_prop) + diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te index 8908e48..2b30a6a 100644 --- a/legacy/system_ext/public/property.te +++ b/legacy/system_ext/public/property.te @@ -1,2 +1,4 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -system_vendor_config_prop(fingerprint_ghbm_prop) +# Telephony +userdebug_or_eng(` + set_prop(shell, telephony_ril_prop) +') diff --git a/legacy/system_ext/public/systemui_app.te b/legacy/system_ext/public/systemui_app.te new file mode 100644 index 0000000..e69de29 diff --git a/legacy/tracking_denials/README.txt b/legacy/tracking_denials/README.txt new file mode 100644 index 0000000..6cfc62d --- /dev/null +++ b/legacy/tracking_denials/README.txt @@ -0,0 +1,2 @@ +This folder stores known errors detected by PTS. Be sure to remove relevant +files to reproduce error log on latest ROMs. diff --git a/legacy/tracking_denials/bug_map b/legacy/tracking_denials/bug_map new file mode 100644 index 0000000..74f2fbb --- /dev/null +++ b/legacy/tracking_denials/bug_map @@ -0,0 +1,10 @@ +dump_gxp vendor_gxp_prop file b/287898138 +dumpstate app_zygote process b/288049050 +hal_uwb_default debugfs file b/288049522 +incidentd debugfs_wakeup_sources file b/288049561 +incidentd incidentd anon_inode b/288049561 +insmod-sh insmod-sh key b/274374722 +insmod-sh vendor_regmap_debugfs dir b/274727542 +mtectrl unlabeled dir b/264483752 +systemui_app wm_trace_data_file dir b/288049075 +vendor_init proc file b/289856761 diff --git a/legacy/tracking_denials/kernel.te b/legacy/tracking_denials/kernel.te new file mode 100644 index 0000000..41b91bd --- /dev/null +++ b/legacy/tracking_denials/kernel.te @@ -0,0 +1,2 @@ +# b/263185161 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/legacy/tracking_denials/rebalance_interrupts_vendor.te similarity index 100% rename from tracking_denials/rebalance_interrupts_vendor.te rename to legacy/tracking_denials/rebalance_interrupts_vendor.te diff --git a/vendor/audioserver.te b/legacy/vendor/audioserver.te similarity index 100% rename from vendor/audioserver.te rename to legacy/vendor/audioserver.te diff --git a/vendor/bootanim.te b/legacy/vendor/bootanim.te similarity index 100% rename from vendor/bootanim.te rename to legacy/vendor/bootanim.te diff --git a/vendor/cccdk_timesync_app.te b/legacy/vendor/cccdk_timesync_app.te similarity index 77% rename from vendor/cccdk_timesync_app.te rename to legacy/vendor/cccdk_timesync_app.te index f34c5f3..3948edc 100644 --- a/vendor/cccdk_timesync_app.te +++ b/legacy/vendor/cccdk_timesync_app.te @@ -2,6 +2,7 @@ type vendor_cccdktimesync_app, domain; app_domain(vendor_cccdktimesync_app) allow vendor_cccdktimesync_app app_api_service:service_manager find; +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/legacy/vendor/certs/app.x509.pem b/legacy/vendor/certs/app.x509.pem new file mode 100644 index 0000000..8e3e627 --- /dev/null +++ b/legacy/vendor/certs/app.x509.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE +AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G +A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI +hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR +24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy +xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X +W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC +69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA +cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw +HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c +xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH +QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG +CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP +zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla +XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a +IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a +ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW +Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs= +-----END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_eng.x509.pem b/legacy/vendor/certs/camera_eng.x509.pem new file mode 100644 index 0000000..011a9ec --- /dev/null +++ b/legacy/vendor/certs/camera_eng.x509.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx +EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw +NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO +OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR ++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb ++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg +UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX +TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj +rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB +TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK +pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY +DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG +ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 +rscXTxYEf4Tqovc= +-----END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_fishfood.x509.pem b/legacy/vendor/certs/camera_fishfood.x509.pem new file mode 100644 index 0000000..fb11572 --- /dev/null +++ b/legacy/vendor/certs/camera_fishfood.x509.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n +bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w +HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv +b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 +bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ +jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B +IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe +tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td +0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg +Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b +aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== +-----END CERTIFICATE----- diff --git a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem new file mode 100644 index 0000000..7b8c5b2 --- /dev/null +++ b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU +MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n +bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz +MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N +b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G +A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP +1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR +UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5 +4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL +jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8 +pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0 +VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3 +A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO +sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV +eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO +nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI +hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5 +YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm +FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr +njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI +hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e +JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3 +IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA +V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H +r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F +DB17LhMLl0GxX9j1 +-----END CERTIFICATE----- diff --git a/vendor/charger_vendor.te b/legacy/vendor/charger_vendor.te similarity index 100% rename from vendor/charger_vendor.te rename to legacy/vendor/charger_vendor.te diff --git a/legacy/vendor/chre.te b/legacy/vendor/chre.te new file mode 100644 index 0000000..a1d1ca5 --- /dev/null +++ b/legacy/vendor/chre.te @@ -0,0 +1,16 @@ +type chre, domain; +type chre_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(chre) + +# Permit communication with AoC +allow chre aoc_device:chr_file rw_file_perms; + +# Allow CHRE to determine AoC's current clock +allow chre sysfs_aoc:dir search; +allow chre sysfs_aoc_boottime:file r_file_perms; + +# Allow CHRE to create thread to watch AOC's device +allow chre device:dir r_dir_perms; + +# Allow CHRE to use WakeLock +wakelock_use(chre) diff --git a/legacy/vendor/con_monitor_app.te b/legacy/vendor/con_monitor_app.te new file mode 100644 index 0000000..7690191 --- /dev/null +++ b/legacy/vendor/con_monitor_app.te @@ -0,0 +1,12 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; +app_domain(con_monitor_app); + +allow con_monitor_app app_api_service:service_manager find; +allow con_monitor_app batterystats_service:service_manager find; +allow con_monitor_app virtual_device_service:service_manager find; + +binder_call(con_monitor_app, system_server); +binder_call(con_monitor_app, servicemanager); + +set_prop(con_monitor_app, radio_prop); diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te new file mode 100644 index 0000000..37a19ec --- /dev/null +++ b/legacy/vendor/debug_camera_app.te @@ -0,0 +1,26 @@ + +userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; + + # Allows GCA-Eng & GCA-Next access the GXP device and properties. + allow debug_camera_app gxp_device:chr_file rw_file_perms; + get_prop(debug_camera_app, vendor_gxp_prop) + + # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. + allow debug_camera_app edgetpu_app_service:service_manager find; + allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) + + # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. + allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; +') diff --git a/legacy/vendor/device.te b/legacy/vendor/device.te new file mode 100644 index 0000000..f63086d --- /dev/null +++ b/legacy/vendor/device.te @@ -0,0 +1,29 @@ +type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; +type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; +type mfg_data_block_device, dev_type; +type ufs_internal_block_device, dev_type; +type logbuffer_device, dev_type; +type gxp_device, dev_type, mlstrustedobject; +type hw_jpg_device, dev_type; +userdebug_or_eng(` + typeattribute hw_jpg_device mlstrustedobject; +') +type fingerprint_device, dev_type; +type uci_device, dev_type; + +# Dmabuf heaps +type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; +type faceauth_heap_device, dmabuf_heap_device_type, dev_type; +type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; +type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; + +# SecureElement SPI device +type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; + +# Raw HID device +type hidraw_device, dev_type; diff --git a/legacy/vendor/disable-contaminant-detection-sh.te b/legacy/vendor/disable-contaminant-detection-sh.te new file mode 100644 index 0000000..95845a1 --- /dev/null +++ b/legacy/vendor/disable-contaminant-detection-sh.te @@ -0,0 +1,7 @@ +type disable-contaminant-detection-sh, domain; +type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(disable-contaminant-detection-sh) + +allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; +allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; +allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/vendor/domain.te b/legacy/vendor/domain.te similarity index 100% rename from vendor/domain.te rename to legacy/vendor/domain.te diff --git a/legacy/vendor/dump_cma.te b/legacy/vendor/dump_cma.te new file mode 100644 index 0000000..bf5edf2 --- /dev/null +++ b/legacy/vendor/dump_cma.te @@ -0,0 +1,7 @@ +pixel_bugreport(dump_cma) + +userdebug_or_eng(` + allow dump_cma vendor_toolbox_exec:file execute_no_trans; + allow dump_cma vendor_cma_debugfs:dir r_dir_perms; + allow dump_cma vendor_cma_debugfs:file r_file_perms; +') diff --git a/vendor/dump_gsa.te b/legacy/vendor/dump_gsa.te similarity index 100% rename from vendor/dump_gsa.te rename to legacy/vendor/dump_gsa.te diff --git a/vendor/dump_power.te b/legacy/vendor/dump_power.te similarity index 100% rename from vendor/dump_power.te rename to legacy/vendor/dump_power.te diff --git a/vendor/dump_wlan.te b/legacy/vendor/dump_wlan.te similarity index 100% rename from vendor/dump_wlan.te rename to legacy/vendor/dump_wlan.te diff --git a/vendor/dumpstate.te b/legacy/vendor/dumpstate.te similarity index 100% rename from vendor/dumpstate.te rename to legacy/vendor/dumpstate.te diff --git a/vendor/e2fs.te b/legacy/vendor/e2fs.te similarity index 100% rename from vendor/e2fs.te rename to legacy/vendor/e2fs.te diff --git a/vendor/euiccpixel_app.te b/legacy/vendor/euiccpixel_app.te similarity index 100% rename from vendor/euiccpixel_app.te rename to legacy/vendor/euiccpixel_app.te diff --git a/legacy/vendor/fastbootd.te b/legacy/vendor/fastbootd.te new file mode 100644 index 0000000..c7f6a88 --- /dev/null +++ b/legacy/vendor/fastbootd.te @@ -0,0 +1,6 @@ +recovery_only(` + allow fastbootd devinfo_block_device:blk_file rw_file_perms; + allow fastbootd sda_block_device:blk_file rw_file_perms; + allow fastbootd sysfs_ota:file rw_file_perms; + allow fastbootd st54spi_device:chr_file rw_file_perms; +') diff --git a/legacy/vendor/file.te b/legacy/vendor/file.te new file mode 100644 index 0000000..357643a --- /dev/null +++ b/legacy/vendor/file.te @@ -0,0 +1,57 @@ +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; +type persist_uwb_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; +type sysfs_pca, sysfs_type, fs_type; +type sysfs_aoc_udfps, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; +type sysfs_gsa_log, sysfs_type, fs_type; + +# Gxp sysfs file +type sysfs_gxp, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; + +# Data +type sensor_reg_data_file, file_type, data_file_type; +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; +type sysfs_ospm, sysfs_type, fs_type; diff --git a/legacy/vendor/file_contexts b/legacy/vendor/file_contexts new file mode 100644 index 0000000..912e59d --- /dev/null +++ b/legacy/vendor/file_contexts @@ -0,0 +1,181 @@ +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 +# Vendor libraries +/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpif u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautius u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 +/dev/video12 u:object_r:hw_jpg_device:s0 +# Raw HID device +/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/vendor/fsck.te b/legacy/vendor/fsck.te similarity index 100% rename from vendor/fsck.te rename to legacy/vendor/fsck.te diff --git a/legacy/vendor/genfs_contexts b/legacy/vendor/genfs_contexts new file mode 100644 index 0000000..809910b --- /dev/null +++ b/legacy/vendor/genfs_contexts @@ -0,0 +1,501 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# OSPM +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + +# debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 + +# Extcon +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + +# disable contaminant detection +genfscon sysfs /devices/platform/10cb0000.hsi2c u:object_r:sysfs_batteryinfo:s0 + +# Battery +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/hint_power_on u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 diff --git a/legacy/vendor/google_camera_app.te b/legacy/vendor/google_camera_app.te new file mode 100644 index 0000000..f9f5fa0 --- /dev/null +++ b/legacy/vendor/google_camera_app.te @@ -0,0 +1,23 @@ + +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; + +# Allows GCA to acccess the GXP device. +allow google_camera_app gxp_device:chr_file rw_file_perms; + +# Allow GCA to access the GXP properies. +get_prop(google_camera_app, vendor_gxp_prop) + +# Allows GCA to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/legacy/vendor/gxp_logging.te b/legacy/vendor/gxp_logging.te new file mode 100644 index 0000000..fb78c53 --- /dev/null +++ b/legacy/vendor/gxp_logging.te @@ -0,0 +1,22 @@ +type gxp_logging, domain; +type gxp_logging_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gxp_logging) + +# The logging service accesses /dev/gxp +allow gxp_logging gxp_device:chr_file rw_file_perms; + +# Allow logging service to access /sys/class/gxp +allow gxp_logging sysfs_gxp:dir search; +allow gxp_logging sysfs_gxp:file rw_file_perms; + +# Allow logging service to log to stats service for reporting metrics. +allow gxp_logging fwk_stats_service:service_manager find; +binder_call(gxp_logging, system_server); +binder_use(gxp_logging) + +# Allow logging service to read gxp properties. +get_prop(gxp_logging, vendor_gxp_prop) + +# Allow gxp tracing service to send packets to Perfetto +userdebug_or_eng(`perfetto_producer(gxp_logging)') + diff --git a/vendor/hal_bluetooth_btlinux.te b/legacy/vendor/hal_bluetooth_btlinux.te similarity index 100% rename from vendor/hal_bluetooth_btlinux.te rename to legacy/vendor/hal_bluetooth_btlinux.te diff --git a/vendor/hal_bootctl_default.te b/legacy/vendor/hal_bootctl_default.te similarity index 77% rename from vendor/hal_bootctl_default.te rename to legacy/vendor/hal_bootctl_default.te index 2db4651..2ffeb27 100644 --- a/vendor/hal_bootctl_default.te +++ b/legacy/vendor/hal_bootctl_default.te @@ -2,3 +2,7 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; allow hal_bootctl_default tee_device:chr_file rw_file_perms; + +recovery_only(` + allow hal_bootctl_default rootfs:dir r_dir_perms; +') diff --git a/vendor/hal_camera_default.te b/legacy/vendor/hal_camera_default.te similarity index 93% rename from vendor/hal_camera_default.te rename to legacy/vendor/hal_camera_default.te index a7d9db9..e252b28 100644 --- a/vendor/hal_camera_default.te +++ b/legacy/vendor/hal_camera_default.te @@ -31,6 +31,7 @@ allow hal_camera_default vendor_camera_data_file:file create_file_perms; # Allow the camera hal to access the GXP device. allow hal_camera_default gxp_device:chr_file rw_file_perms; +get_prop(hal_camera_default, vendor_gxp_prop) # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` @@ -80,6 +81,9 @@ allow hal_camera_default sysfs_leds:file r_file_perms; allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; binder_call(hal_camera_default, hal_radioext_default); +# Allows camera HAL to access the hw_jpeg /dev/video12. +allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; + # For camera hal to talk with rlsservice allow hal_camera_default rls_service:service_manager find; binder_call(hal_camera_default, rlsservice) @@ -97,3 +101,6 @@ dontaudit hal_camera_default system_data_file:dir { search }; # google3 prebuilts attempt to connect to the wrong trace socket, ignore them. dontaudit hal_camera_default traced:unix_stream_socket { connectto }; dontaudit hal_camera_default traced_producer_socket:sock_file { write }; + +# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes +wakelock_use(hal_camera_default) diff --git a/vendor/hal_contexthub_default.te b/legacy/vendor/hal_contexthub_default.te similarity index 100% rename from vendor/hal_contexthub_default.te rename to legacy/vendor/hal_contexthub_default.te diff --git a/vendor/hal_fingerprint_default.te b/legacy/vendor/hal_fingerprint_default.te similarity index 91% rename from vendor/hal_fingerprint_default.te rename to legacy/vendor/hal_fingerprint_default.te index 6aa57dd..b0a8116 100644 --- a/vendor/hal_fingerprint_default.te +++ b/legacy/vendor/hal_fingerprint_default.te @@ -37,3 +37,7 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; + +# Allow fingerprint to access sysfs_aoc_udfps +allow hal_fingerprint_default sysfs_aoc:dir search; +allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms; diff --git a/legacy/vendor/hal_graphics_allocator_default.te b/legacy/vendor/hal_graphics_allocator_default.te new file mode 100644 index 0000000..b624db1 --- /dev/null +++ b/legacy/vendor/hal_graphics_allocator_default.te @@ -0,0 +1,6 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; diff --git a/vendor/hal_graphics_composer_default.te b/legacy/vendor/hal_graphics_composer_default.te similarity index 100% rename from vendor/hal_graphics_composer_default.te rename to legacy/vendor/hal_graphics_composer_default.te diff --git a/legacy/vendor/hal_health_default.te b/legacy/vendor/hal_health_default.te new file mode 100644 index 0000000..36e6cb1 --- /dev/null +++ b/legacy/vendor/hal_health_default.te @@ -0,0 +1,16 @@ +allow hal_health_default mnt_vendor_file:dir search; +allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; + +set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) + +allow hal_health_default fwk_stats_service:service_manager find; + +# Access to /sys/devices/platform/13200000.ufs/* +allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; +allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; + +allow hal_health_default sysfs_wlc:dir search; +allow hal_health_default sysfs_batteryinfo:file w_file_perms; diff --git a/vendor/hal_memtrack_default.te b/legacy/vendor/hal_memtrack_default.te similarity index 100% rename from vendor/hal_memtrack_default.te rename to legacy/vendor/hal_memtrack_default.te diff --git a/vendor/hal_nfc_default.te b/legacy/vendor/hal_nfc_default.te similarity index 100% rename from vendor/hal_nfc_default.te rename to legacy/vendor/hal_nfc_default.te diff --git a/vendor/hal_power_default.te b/legacy/vendor/hal_power_default.te similarity index 66% rename from vendor/hal_power_default.te rename to legacy/vendor/hal_power_default.te index bb86aad..1f0cd3a 100644 --- a/vendor/hal_power_default.te +++ b/legacy/vendor/hal_power_default.te @@ -4,4 +4,6 @@ allow hal_power_default sysfs_camera:file rw_file_perms; allow hal_power_default sysfs_em_profile:file rw_file_perms; allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_trusty:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file +allow hal_power_default sysfs_ospm:file rw_file_perms; +allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms; +set_prop(hal_power_default, vendor_camera_prop); diff --git a/vendor/hal_power_stats_default.te b/legacy/vendor/hal_power_stats_default.te similarity index 94% rename from vendor/hal_power_stats_default.te rename to legacy/vendor/hal_power_stats_default.te index 2845a0a..012debc 100644 --- a/vendor/hal_power_stats_default.te +++ b/legacy/vendor/hal_power_stats_default.te @@ -3,6 +3,7 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) +r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm) diff --git a/vendor/hal_radioext_default.te b/legacy/vendor/hal_radioext_default.te similarity index 100% rename from vendor/hal_radioext_default.te rename to legacy/vendor/hal_radioext_default.te diff --git a/vendor/hal_secure_element_st54spi_aidl.te b/legacy/vendor/hal_secure_element_st54spi_aidl.te similarity index 100% rename from vendor/hal_secure_element_st54spi_aidl.te rename to legacy/vendor/hal_secure_element_st54spi_aidl.te diff --git a/vendor/hal_secure_element_uicc.te b/legacy/vendor/hal_secure_element_uicc.te similarity index 100% rename from vendor/hal_secure_element_uicc.te rename to legacy/vendor/hal_secure_element_uicc.te diff --git a/vendor/hal_sensors_default.te b/legacy/vendor/hal_sensors_default.te similarity index 91% rename from vendor/hal_sensors_default.te rename to legacy/vendor/hal_sensors_default.te index b9f6a72..fe24c8a 100644 --- a/vendor/hal_sensors_default.te +++ b/legacy/vendor/hal_sensors_default.te @@ -17,6 +17,9 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow sensor HAL to access the display service HAL allow hal_sensors_default hal_pixel_display_service:service_manager find; +# Allow sensor HAL to access the thermal service HAL +hal_client_domain(hal_sensors_default, hal_thermal); + # Allow reading of sensor registry persist files and camera persist files. allow hal_sensors_default mnt_vendor_file:dir search; allow hal_sensors_default persist_file:dir search; @@ -46,6 +49,9 @@ binder_call(hal_sensors_default, system_server); # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) +# Allow access to raw HID devices for dynamic sensors. +allow hal_sensors_default hidraw_device:chr_file rw_file_perms; + # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; diff --git a/vendor/hal_thermal_default.te b/legacy/vendor/hal_thermal_default.te similarity index 100% rename from vendor/hal_thermal_default.te rename to legacy/vendor/hal_thermal_default.te diff --git a/vendor/hal_usb_gadget_impl.te b/legacy/vendor/hal_usb_gadget_impl.te similarity index 100% rename from vendor/hal_usb_gadget_impl.te rename to legacy/vendor/hal_usb_gadget_impl.te diff --git a/vendor/hal_usb_impl.te b/legacy/vendor/hal_usb_impl.te similarity index 93% rename from vendor/hal_usb_impl.te rename to legacy/vendor/hal_usb_impl.te index 15d74c5..27d7bdd 100644 --- a/vendor/hal_usb_impl.te +++ b/legacy/vendor/hal_usb_impl.te @@ -7,6 +7,7 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; +allow hal_usb_impl dumpstate:fd use; # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; diff --git a/vendor/hal_uwb_vendor_default.te b/legacy/vendor/hal_uwb_vendor_default.te similarity index 54% rename from vendor/hal_uwb_vendor_default.te rename to legacy/vendor/hal_uwb_vendor_default.te index 06a67d0..ac5d7e7 100644 --- a/vendor/hal_uwb_vendor_default.te +++ b/legacy/vendor/hal_uwb_vendor_default.te @@ -3,3 +3,7 @@ type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default) +allow hal_uwb_default selinuxfs:file r_file_perms; + +allow hal_uwb_default uwb_data_vendor:dir create_dir_perms; +allow hal_uwb_default uwb_data_vendor:file create_file_perms; diff --git a/vendor/hal_wifi_ext.te b/legacy/vendor/hal_wifi_ext.te similarity index 100% rename from vendor/hal_wifi_ext.te rename to legacy/vendor/hal_wifi_ext.te diff --git a/vendor/hal_wireless_charger.te b/legacy/vendor/hal_wireless_charger.te similarity index 100% rename from vendor/hal_wireless_charger.te rename to legacy/vendor/hal_wireless_charger.te diff --git a/vendor/hwservice.te b/legacy/vendor/hwservice.te similarity index 100% rename from vendor/hwservice.te rename to legacy/vendor/hwservice.te diff --git a/vendor/hwservice_contexts b/legacy/vendor/hwservice_contexts similarity index 100% rename from vendor/hwservice_contexts rename to legacy/vendor/hwservice_contexts diff --git a/vendor/init.te b/legacy/vendor/init.te similarity index 100% rename from vendor/init.te rename to legacy/vendor/init.te diff --git a/vendor/insmod-sh.te b/legacy/vendor/insmod-sh.te similarity index 100% rename from vendor/insmod-sh.te rename to legacy/vendor/insmod-sh.te diff --git a/vendor/installd.te b/legacy/vendor/installd.te similarity index 100% rename from vendor/installd.te rename to legacy/vendor/installd.te diff --git a/legacy/vendor/kernel.te b/legacy/vendor/kernel.te new file mode 100644 index 0000000..28f140a --- /dev/null +++ b/legacy/vendor/kernel.te @@ -0,0 +1,24 @@ +allow kernel vendor_fw_file:dir r_dir_perms; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +dontaudit kernel vendor_maxfg_debugfs:dir search; +dontaudit kernel sepolicy_file:file getattr; +dontaudit kernel system_bootstrap_lib_file:dir getattr; +dontaudit kernel system_bootstrap_lib_file:file getattr; +dontaudit kernel system_dlkm_file:dir getattr; +dontaudit kernel vendor_battery_debugfs:dir search; +dontaudit kernel vendor_charger_debugfs:dir search; + +allow kernel vendor_regmap_debugfs:dir search; + diff --git a/vendor/logd.te b/legacy/vendor/logd.te similarity index 100% rename from vendor/logd.te rename to legacy/vendor/logd.te diff --git a/vendor/mac_permissions.xml b/legacy/vendor/mac_permissions.xml similarity index 100% rename from vendor/mac_permissions.xml rename to legacy/vendor/mac_permissions.xml diff --git a/vendor/mediacodec_google.te b/legacy/vendor/mediacodec_google.te similarity index 95% rename from vendor/mediacodec_google.te rename to legacy/vendor/mediacodec_google.te index 1c6413a..3056cf9 100644 --- a/vendor/mediacodec_google.te +++ b/legacy/vendor/mediacodec_google.te @@ -16,6 +16,7 @@ allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file rw_file_perms; allow mediacodec_google gpu_device:chr_file rw_file_perms; +allow mediacodec_google self:global_capability_class_set sys_nice; crash_dump_fallback(mediacodec_google) diff --git a/legacy/vendor/pixeldisplayservice_app.te b/legacy/vendor/pixeldisplayservice_app.te new file mode 100644 index 0000000..736f443 --- /dev/null +++ b/legacy/vendor/pixeldisplayservice_app.te @@ -0,0 +1,11 @@ + +allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; +allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; + +allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; +binder_call(pixeldisplayservice_app, hal_graphics_composer_default) + +# Standard system services +allow pixeldisplayservice_app app_api_service:service_manager find; + +allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/legacy/vendor/pixelstats_vendor.te b/legacy/vendor/pixelstats_vendor.te new file mode 100644 index 0000000..f4f447a --- /dev/null +++ b/legacy/vendor/pixelstats_vendor.te @@ -0,0 +1,35 @@ +# Battery history +allow pixelstats_vendor battery_history_device:chr_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); + +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) +allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; +allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; + +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; + +# PCIe Link Statistics +allow pixelstats_vendor sysfs_pcie:dir search; +allow pixelstats_vendor sysfs_pcie:file rw_file_perms; + +allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +# Display +r_dir_file(pixelstats_vendor, sysfs_display) +allow pixelstats_vendor sysfs_display:lnk_file r_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; + +# Pca charge +allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/vendor/platform_app.te b/legacy/vendor/platform_app.te similarity index 100% rename from vendor/platform_app.te rename to legacy/vendor/platform_app.te diff --git a/vendor/property.te b/legacy/vendor/property.te similarity index 87% rename from vendor/property.te rename to legacy/vendor/property.te index 105574b..814beb2 100644 --- a/vendor/property.te +++ b/legacy/vendor/property.te @@ -16,3 +16,6 @@ vendor_restricted_prop(vendor_arm_runtime_option_prop) # ArmNN vendor_internal_prop(vendor_armnn_config_prop) + +# Gxp properties +system_vendor_config_prop(vendor_gxp_prop) diff --git a/vendor/property_contexts b/legacy/vendor/property_contexts similarity index 87% rename from vendor/property_contexts rename to legacy/vendor/property_contexts index e837a5c..c77827d 100644 --- a/vendor/property_contexts +++ b/legacy/vendor/property_contexts @@ -4,6 +4,7 @@ vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # Fingerprint +persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 @@ -23,3 +24,6 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # ArmNN configuration ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix + +# Gxp +vendor.gxp. u:object_r:vendor_gxp_prop:s0 diff --git a/vendor/ramdump_app.te b/legacy/vendor/ramdump_app.te similarity index 100% rename from vendor/ramdump_app.te rename to legacy/vendor/ramdump_app.te diff --git a/vendor/recovery.te b/legacy/vendor/recovery.te similarity index 100% rename from vendor/recovery.te rename to legacy/vendor/recovery.te diff --git a/vendor/rlsservice.te b/legacy/vendor/rlsservice.te similarity index 100% rename from vendor/rlsservice.te rename to legacy/vendor/rlsservice.te diff --git a/legacy/vendor/seapp_contexts b/legacy/vendor/seapp_contexts new file mode 100644 index 0000000..f994993 --- /dev/null +++ b/legacy/vendor/seapp_contexts @@ -0,0 +1,31 @@ +# Domain for EuiccSupportPixel +user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all + +# coredump/ramdump +user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# PixelDisplayService +user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all + +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all + +# Qorvo UWB system app +# TODO(b/222204912): Should this run under uwb user? +user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all + +# CccDkTimeSyncService +user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all + diff --git a/vendor/service.te b/legacy/vendor/service.te similarity index 100% rename from vendor/service.te rename to legacy/vendor/service.te diff --git a/vendor/service_contexts b/legacy/vendor/service_contexts similarity index 100% rename from vendor/service_contexts rename to legacy/vendor/service_contexts diff --git a/vendor/shell.te b/legacy/vendor/shell.te similarity index 100% rename from vendor/shell.te rename to legacy/vendor/shell.te diff --git a/vendor/surfaceflinger.te b/legacy/vendor/surfaceflinger.te similarity index 100% rename from vendor/surfaceflinger.te rename to legacy/vendor/surfaceflinger.te diff --git a/vendor/system_app.te b/legacy/vendor/system_app.te similarity index 100% rename from vendor/system_app.te rename to legacy/vendor/system_app.te diff --git a/vendor/system_server.te b/legacy/vendor/system_server.te similarity index 82% rename from vendor/system_server.te rename to legacy/vendor/system_server.te index 853e3cf..de29de3 100644 --- a/vendor/system_server.te +++ b/legacy/vendor/system_server.te @@ -1,5 +1,6 @@ # Allow system server to send sensor data callbacks to GPS binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); +binder_call(system_server, con_monitor_app); allow system_server arm_mali_platform_service:service_manager find; diff --git a/vendor/systemui_app.te b/legacy/vendor/systemui_app.te similarity index 100% rename from vendor/systemui_app.te rename to legacy/vendor/systemui_app.te diff --git a/vendor/tcpdump_logger.te b/legacy/vendor/tcpdump_logger.te similarity index 100% rename from vendor/tcpdump_logger.te rename to legacy/vendor/tcpdump_logger.te diff --git a/vendor/tee.te b/legacy/vendor/tee.te similarity index 100% rename from vendor/tee.te rename to legacy/vendor/tee.te diff --git a/vendor/toolbox.te b/legacy/vendor/toolbox.te similarity index 100% rename from vendor/toolbox.te rename to legacy/vendor/toolbox.te diff --git a/vendor/trusty_apploader.te b/legacy/vendor/trusty_apploader.te similarity index 100% rename from vendor/trusty_apploader.te rename to legacy/vendor/trusty_apploader.te diff --git a/vendor/trusty_metricsd.te b/legacy/vendor/trusty_metricsd.te similarity index 100% rename from vendor/trusty_metricsd.te rename to legacy/vendor/trusty_metricsd.te diff --git a/vendor/twoshay.te b/legacy/vendor/twoshay.te similarity index 100% rename from vendor/twoshay.te rename to legacy/vendor/twoshay.te diff --git a/vendor/ufs_firmware_update.te b/legacy/vendor/ufs_firmware_update.te similarity index 100% rename from vendor/ufs_firmware_update.te rename to legacy/vendor/ufs_firmware_update.te diff --git a/vendor/update_engine.te b/legacy/vendor/update_engine.te similarity index 100% rename from vendor/update_engine.te rename to legacy/vendor/update_engine.te diff --git a/vendor/uwb_vendor_app.te b/legacy/vendor/uwb_vendor_app.te similarity index 100% rename from vendor/uwb_vendor_app.te rename to legacy/vendor/uwb_vendor_app.te diff --git a/vendor/vendor_init.te b/legacy/vendor/vendor_init.te similarity index 88% rename from vendor/vendor_init.te rename to legacy/vendor/vendor_init.te index 373eeaf..3abf696 100644 --- a/vendor/vendor_init.te +++ b/legacy/vendor/vendor_init.te @@ -11,6 +11,9 @@ allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; +# Allow for checking NSP permissions +allow vendor_init tee_data_file:lnk_file read; + userdebug_or_eng(` allow vendor_init vendor_init:lockdown { integrity }; ') @@ -26,12 +29,16 @@ set_prop(vendor_init, vendor_secure_element_prop) # USB property set_prop(vendor_init, vendor_usb_config_prop) +set_prop(vendor_init, vendor_ssrdump_prop) + # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) -set_prop(vendor_init, vendor_ssrdump_prop) # ArmNN set_prop(vendor_init, vendor_armnn_config_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; + +# Gxp +set_prop(vendor_init, vendor_gxp_prop) diff --git a/vendor/vendor_uwb_init.te b/legacy/vendor/vendor_uwb_init.te similarity index 53% rename from vendor/vendor_uwb_init.te rename to legacy/vendor/vendor_uwb_init.te index 5216019..9008238 100644 --- a/vendor/vendor_uwb_init.te +++ b/legacy/vendor/vendor_uwb_init.te @@ -2,3 +2,6 @@ type vendor_uwb_init, domain; type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_uwb_init) + +allow vendor_uwb_init uwb_data_vendor:file create_file_perms; +allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms; diff --git a/vendor/vndservice.te b/legacy/vendor/vndservice.te similarity index 100% rename from vendor/vndservice.te rename to legacy/vendor/vndservice.te diff --git a/vendor/vndservice_contexts b/legacy/vendor/vndservice_contexts similarity index 100% rename from vendor/vndservice_contexts rename to legacy/vendor/vndservice_contexts diff --git a/vendor/wifi_sniffer.te b/legacy/vendor/wifi_sniffer.te similarity index 100% rename from vendor/wifi_sniffer.te rename to legacy/vendor/wifi_sniffer.te diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf deleted file mode 100644 index 76ea843..0000000 --- a/legacy/whitechapel_pro/keys.conf +++ /dev/null @@ -1,5 +0,0 @@ -[@UWB] -ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem - -[@EUICCSUPPORTPIXEL] -ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/widevine/file.te b/legacy/widevine/file.te similarity index 100% rename from widevine/file.te rename to legacy/widevine/file.te diff --git a/widevine/file_contexts b/legacy/widevine/file_contexts similarity index 100% rename from widevine/file_contexts rename to legacy/widevine/file_contexts diff --git a/widevine/hal_drm_clearkey.te b/legacy/widevine/hal_drm_clearkey.te similarity index 100% rename from widevine/hal_drm_clearkey.te rename to legacy/widevine/hal_drm_clearkey.te diff --git a/widevine/hal_drm_widevine.te b/legacy/widevine/hal_drm_widevine.te similarity index 100% rename from widevine/hal_drm_widevine.te rename to legacy/widevine/hal_drm_widevine.te diff --git a/widevine/service_contexts b/legacy/widevine/service_contexts similarity index 100% rename from widevine/service_contexts rename to legacy/widevine/service_contexts diff --git a/radio/keys.conf b/radio/keys.conf deleted file mode 100644 index 45db97d..0000000 --- a/radio/keys.conf +++ /dev/null @@ -1,3 +0,0 @@ -[@MDS] -ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem - diff --git a/radio/radio.te b/radio/radio.te index 221c812..7a75779 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,8 +1,2 @@ set_prop(radio, telephony_ril_prop) -allow radio radio_vendor_data_file:dir rw_dir_perms; -allow radio radio_vendor_data_file:file create_file_perms; -allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; -allow radio aoc_device:chr_file rw_file_perms; -allow radio hal_audio_ext_hwservice:hwservice_manager find; -binder_call(radio, hal_audio_default) diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te deleted file mode 100644 index 3baf986..0000000 --- a/tracking_denials/con_monitor_app.te +++ /dev/null @@ -1,36 +0,0 @@ -# b/261518779 -dontaudit con_monitor_app activity_service:service_manager { find }; -dontaudit con_monitor_app content_capture_service:service_manager { find }; -dontaudit con_monitor_app game_service:service_manager { find }; -dontaudit con_monitor_app netstats_service:service_manager { find }; -dontaudit con_monitor_app system_server:binder { call }; -dontaudit con_monitor_app system_server:binder { transfer }; -dontaudit con_monitor_app system_server:fd { use }; -# b/261783158 -dontaudit con_monitor_app system_file:file { getattr }; -dontaudit con_monitor_app system_file:file { map }; -dontaudit con_monitor_app system_file:file { open }; -dontaudit con_monitor_app system_file:file { read }; -dontaudit con_monitor_app tmpfs:file { execute }; -dontaudit con_monitor_app tmpfs:file { map }; -dontaudit con_monitor_app tmpfs:file { read }; -dontaudit con_monitor_app tmpfs:file { write }; -# b/261933171 -dontaudit con_monitor_app dumpstate:fd { use }; -dontaudit con_monitor_app dumpstate:fifo_file { append }; -dontaudit con_monitor_app dumpstate:fifo_file { write }; -dontaudit con_monitor_app system_server:fifo_file { write }; -dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; -dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; -# b/262455571 -dontaudit con_monitor_app data_file_type:dir { search }; -dontaudit con_monitor_app servicemanager:binder { call }; -dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; -dontaudit con_monitor_app statsdw_socket:sock_file { write }; -dontaudit con_monitor_app system_file:file { execute }; -# b/264489520 -userdebug_or_eng(` - permissive con_monitor_app; -') -# b/267843291 -dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te deleted file mode 100644 index 3313642..0000000 --- a/tracking_denials/dumpstate.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/277155496 -dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te deleted file mode 100644 index 4428b68..0000000 --- a/tracking_denials/fastbootd.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489957 -userdebug_or_eng(` - permissive fastbootd; -') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te deleted file mode 100644 index 601c2bb..0000000 --- a/tracking_denials/hal_sensors_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/267260619 -dontaudit hal_sensors_default dumpstate:fd { use }; -dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te deleted file mode 100644 index 08db477..0000000 --- a/tracking_denials/hal_usb_impl.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/267261163 -dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te deleted file mode 100644 index 4bd4489..0000000 --- a/tracking_denials/incidentd.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/261933310 -dontaudit incidentd debugfs_wakeup_sources:file { open }; -dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te deleted file mode 100644 index 23d091b..0000000 --- a/tracking_denials/kernel.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/262794429 -dontaudit kernel sepolicy_file:file { getattr }; -dontaudit kernel system_bootstrap_lib_file:dir { getattr }; -dontaudit kernel system_bootstrap_lib_file:file { getattr }; -dontaudit kernel system_dlkm_file:dir { getattr }; -# b/263185161 -dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te deleted file mode 100644 index d1c8b73..0000000 --- a/tracking_denials/ssr_detector_app.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/261651131 -dontaudit ssr_detector_app system_app_data_file:file { open }; -# b/264489567 -userdebug_or_eng(` - permissive ssr_detector_app; -') \ No newline at end of file diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te deleted file mode 100644 index 0de59ee..0000000 --- a/tracking_denials/update_engine.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/267261048 -dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te deleted file mode 100644 index abfba26..0000000 --- a/tracking_denials/vendor_init.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/260366195 -dontaudit vendor_init debugfs_trace_marker:file { getattr }; -dontaudit vendor_init vendor_init:capability2 { block_suspend }; diff --git a/vendor/chre.te b/vendor/chre.te index 7c0ad8f..ed15009 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -1,20 +1,4 @@ -type chre, domain; -type chre_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(chre) - -# Permit communication with AoC -allow chre aoc_device:chr_file rw_file_perms; - -# Allow CHRE to determine AoC's current clock -allow chre sysfs_aoc:dir search; -allow chre sysfs_aoc_boottime:file r_file_perms; - -# Allow CHRE to create thread to watch AOC's device -allow chre device:dir r_dir_perms; - # Allow CHRE to write to data to chre data directory allow chre chre_data_file:dir create_dir_perms; allow chre chre_data_file:file create_file_perms; -# Allow CHRE to use WakeLock -wakelock_use(chre) diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te deleted file mode 100644 index 814c5e8..0000000 --- a/vendor/con_monitor_app.te +++ /dev/null @@ -1,3 +0,0 @@ -# ConnectivityMonitor app -type con_monitor_app, domain; -app_domain(con_monitor_app); diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te deleted file mode 100644 index 08bf626..0000000 --- a/vendor/debug_camera_app.te +++ /dev/null @@ -1,8 +0,0 @@ -userdebug_or_eng(` - # Allows GCA-Eng & GCA-Next access the GXP device. - allow debug_camera_app gxp_device:chr_file rw_file_perms; - - # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. - allow debug_camera_app edgetpu_app_service:service_manager find; - allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; -') diff --git a/vendor/device.te b/vendor/device.te index 226a697..ca6c3ca 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,23 +1,3 @@ -type persist_block_device, dev_type; -type tee_persist_block_device, dev_type; -type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; -type mfg_data_block_device, dev_type; -type ufs_internal_block_device, dev_type; -type logbuffer_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; -type fingerprint_device, dev_type; -type uci_device, dev_type; - # Dmabuf heaps -type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; -type faceauth_heap_device, dmabuf_heap_device_type, dev_type; -type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; -type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; -# SecureElement SPI device -type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; diff --git a/vendor/file.te b/vendor/file.te index b97b93d..fbeb901 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,54 +1,5 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; - -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type sensor_reg_data_file, file_type, data_file_type; -type chre_data_file, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; - -# GSA -type sysfs_gsa_log, sysfs_type, fs_type; - # Faceauth type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; + +# Data +type chre_data_file, file_type, data_file_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 1b60fe3..36e396a 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,33 +1,5 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +# Vendor +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -35,110 +7,18 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 -# Vendor libraries -/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 - -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 - -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 - # Devices -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/goodix_fp u:object_r:fingerprint_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 @@ -146,67 +26,14 @@ /dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 /dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e5e1b33..a4c9852 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,539 +1,53 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - # debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 -# Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - # Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 # Faceauth genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te deleted file mode 100644 index 35cd86e..0000000 --- a/vendor/google_camera_app.te +++ /dev/null @@ -1,7 +0,0 @@ -# Allows GCA to acccess the GXP device and search for the firmware file. -allow google_camera_app gxp_device:chr_file rw_file_perms; -allow google_camera_app vendor_fw_file:dir search; - -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te deleted file mode 100644 index 000138a..0000000 --- a/vendor/gxp_logging.te +++ /dev/null @@ -1,10 +0,0 @@ -type gxp_logging, domain; -type gxp_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gxp_logging) - -# The logging service accesses /dev/gxp -allow gxp_logging gxp_device:chr_file rw_file_perms; - -# Allow gxp tracing service to send packets to Perfetto -userdebug_or_eng(`perfetto_producer(gxp_logging)') - diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index b624db1..08cd256 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -1,6 +1,2 @@ -allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; + diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te index c57ef34..033042b 100644 --- a/vendor/hal_health_default.te +++ b/vendor/hal_health_default.te @@ -1,16 +1 @@ -allow hal_health_default mnt_vendor_file:dir search; -allow hal_health_default persist_file:dir search; -allow hal_health_default persist_battery_file:file create_file_perms; -allow hal_health_default persist_battery_file:dir rw_dir_perms; - -set_prop(hal_health_default, vendor_battery_defender_prop) -set_prop(hal_health_default, vendor_shutdown_prop) - -allow hal_health_default fwk_stats_service:service_manager find; - -# Access to /sys/devices/platform/13200000.ufs/* -allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; - -allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file rw_file_perms; diff --git a/vendor/kernel.te b/vendor/kernel.te deleted file mode 100644 index 0f2e18e..0000000 --- a/vendor/kernel.te +++ /dev/null @@ -1,15 +0,0 @@ -allow kernel vendor_fw_file:dir search; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -allow kernel vendor_regmap_debugfs:dir search; diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te deleted file mode 100644 index e9c8d78..0000000 --- a/vendor/pixeldisplayservice_app.te +++ /dev/null @@ -1,2 +0,0 @@ -allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; -binder_call(pixeldisplayservice_app, hal_graphics_composer_default) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 192616b..14824fc 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,28 +1,5 @@ -# Batery history -allow pixelstats_vendor battery_history_device:chr_file r_file_perms; - -# BCL -allow pixelstats_vendor sysfs_bcl:dir search; -allow pixelstats_vendor sysfs_bcl:file r_file_perms; -allow pixelstats_vendor mitigation_vendor_data_file:dir search; -allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; -get_prop(pixelstats_vendor, vendor_brownout_reason_prop); - #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; -# Wireless charge -allow pixelstats_vendor sysfs_wlc:dir search; -allow pixelstats_vendor sysfs_wlc:file rw_file_perms; - -# PCIe Link Statistics -allow pixelstats_vendor sysfs_pcie:dir search; -allow pixelstats_vendor sysfs_pcie:file rw_file_perms; - -allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; - -#Thermal -r_dir_file(pixelstats_vendor, sysfs_thermal) -allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts deleted file mode 100644 index ed23ae5..0000000 --- a/vendor/seapp_contexts +++ /dev/null @@ -1,15 +0,0 @@ -# Domain for EuiccSupportPixel -user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all - -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - -# Qorvo UWB system app -# TODO(b/222204912): Should this run under uwb user? -user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all - -# CccDkTimeSyncService -user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index f202935..66c4d34 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -17,8 +17,15 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/pr BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats # To be reviewed and removed. -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/whitechapel_pro +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/private +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/public +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/private +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/vendor +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio/private +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/tracking_denials +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/public PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private - From 5d2c755531412151c273a22ee96073e9ddb09022 Mon Sep 17 00:00:00 2001 From: Chiachang Wang Date: Wed, 23 Aug 2023 04:16:56 +0000 Subject: [PATCH 039/321] Revert commit 2c99c990d366898f9766533c3cdf3858b7e2a70b This reverts commit 2c99c990d366898f9766533c3cdf3858b7e2a70b. Reason for revert: Change-Id: I030b4f5c59383478355ac2cee8363f45c8101041 --- legacy/OWNERS | 3 - .../system_ext/private/property_contexts | 2 - legacy/legacy/system_ext/public/property.te | 2 - legacy/legacy/whitechapel_pro/keys.conf | 5 - legacy/{legacy => }/private/property_contexts | 0 legacy/radio/keys.conf | 3 - legacy/radio/radio.te | 8 - legacy/radio/rild.te | 42 -- legacy/system_ext/private/property_contexts | 2 + legacy/system_ext/private/seapp_contexts | 0 legacy/system_ext/private/systemui_app.te | 20 - legacy/system_ext/public/property.te | 6 +- legacy/system_ext/public/systemui_app.te | 0 legacy/tracking_denials/README.txt | 2 - legacy/tracking_denials/bug_map | 10 - legacy/tracking_denials/kernel.te | 2 - legacy/vendor/certs/app.x509.pem | 27 - legacy/vendor/certs/camera_eng.x509.pem | 17 - legacy/vendor/certs/camera_fishfood.x509.pem | 15 - ...ogle_android_apps_camera_services.x509.pem | 30 - legacy/vendor/chre.te | 16 - legacy/vendor/con_monitor_app.te | 12 - legacy/vendor/debug_camera_app.te | 26 - legacy/vendor/device.te | 29 - .../disable-contaminant-detection-sh.te | 7 - legacy/vendor/dump_cma.te | 7 - legacy/vendor/fastbootd.te | 6 - legacy/vendor/file.te | 57 -- legacy/vendor/file_contexts | 181 ------ legacy/vendor/genfs_contexts | 501 ---------------- legacy/vendor/google_camera_app.te | 23 - legacy/vendor/gxp_logging.te | 22 - .../vendor/hal_graphics_allocator_default.te | 6 - legacy/vendor/hal_health_default.te | 16 - legacy/vendor/kernel.te | 24 - legacy/vendor/pixeldisplayservice_app.te | 11 - legacy/vendor/pixelstats_vendor.te | 35 -- legacy/vendor/seapp_contexts | 31 - .../{legacy => }/whitechapel_pro/attributes | 0 .../certs/EuiccSupportPixel.x509.pem | 0 .../certs/com_qorvo_uwb.x509.pem | 0 legacy/{legacy => }/whitechapel_pro/device.te | 3 + legacy/{legacy => }/whitechapel_pro/file.te | 3 + .../whitechapel_pro/file_contexts | 5 + .../whitechapel_pro/genfs_contexts | 0 .../hal_input_processor_default.te | 0 legacy/whitechapel_pro/keys.conf | 5 + .../whitechapel_pro/mac_permissions.xml | 0 .../{legacy => }/whitechapel_pro/property.te | 0 .../whitechapel_pro/property_contexts | 0 .../{legacy => }/whitechapel_pro/service.te | 0 .../whitechapel_pro/service_contexts | 0 legacy/{legacy => }/whitechapel_pro/te_macros | 0 .../whitechapel_pro/vndservice.te | 0 .../whitechapel_pro/vndservice_contexts | 0 {legacy/private => private}/vendor_init.te | 0 {legacy/radio => radio}/bipchmgr.te | 0 .../radio => radio}/cat_engine_service_app.te | 0 {legacy/radio => radio}/cbd.te | 0 {legacy/radio => radio}/cbrs_setup.te | 0 .../certs/com_google_mds.x509.pem | 0 {legacy/radio => radio}/device.te | 0 {legacy/radio => radio}/dmd.te | 0 {legacy/radio => radio}/file.te | 0 {legacy/radio => radio}/file_contexts | 0 {legacy/radio => radio}/fsck.te | 0 {legacy/radio => radio}/genfs_contexts | 5 +- {legacy/radio => radio}/gpsd.te | 0 {legacy/radio => radio}/grilservice_app.te | 1 - .../radio => radio}/hal_radioext_default.te | 1 - {legacy/radio => radio}/hwservice.te | 0 {legacy/radio => radio}/hwservice_contexts | 0 {legacy/radio => radio}/hwservicemanager.te | 0 {legacy/radio => radio}/init.te | 0 {legacy/radio => radio}/init_radio.te | 0 radio/keys.conf | 3 + {legacy/radio => radio}/logger_app.te | 3 - {legacy/radio => radio}/mac_permissions.xml | 0 .../radio => radio}/modem_diagnostic_app.te | 0 .../radio => radio}/modem_logging_control.te | 0 {legacy/radio => radio}/modem_ml_svc_sit.te | 0 {legacy/radio => radio}/modem_svc_sit.te | 0 {legacy/radio => radio}/oemrilservice_app.te | 0 {legacy/radio => radio}/private/radio.te | 0 .../radio => radio}/private/service_contexts | 0 {legacy/radio => radio}/property.te | 0 {legacy/radio => radio}/property_contexts | 0 radio/radio.te | 6 + {legacy/radio => radio}/rfsd.te | 0 {legacy/radio => radio}/sced.te | 0 {legacy/radio => radio}/seapp_contexts | 0 {legacy/radio => radio}/ssr_detector.te | 0 {legacy/radio => radio}/vcd.te | 0 .../vendor_engineermode_app.te | 0 {legacy/radio => radio}/vendor_ims_app.te | 0 .../radio => radio}/vendor_ims_remote_app.te | 0 {legacy/radio => radio}/vendor_init.te | 0 .../vendor_qualifiednetworks_app.te | 0 {legacy/radio => radio}/vendor_rcs_app.te | 0 .../radio => radio}/vendor_rcs_service_app.te | 0 .../vendor_silentlogging_remote_app.te | 0 .../vendor_telephony_debug_app.te | 0 .../vendor_telephony_silentlogging_app.te | 0 .../vendor_telephony_test_app.te | 0 {legacy/radio => radio}/vold.te | 0 .../private/platform_app.te | 0 tracking_denials/con_monitor_app.te | 36 ++ tracking_denials/dumpstate.te | 2 + tracking_denials/fastbootd.te | 4 + tracking_denials/hal_sensors_default.te | 3 + tracking_denials/hal_usb_impl.te | 2 + tracking_denials/incidentd.te | 3 + tracking_denials/kernel.te | 7 + .../rebalance_interrupts_vendor.te | 0 tracking_denials/ssr_detector_app.te | 6 + tracking_denials/update_engine.te | 2 + tracking_denials/vendor_init.te | 3 + {legacy/vendor => vendor}/audioserver.te | 0 {legacy/vendor => vendor}/bootanim.te | 0 .../vendor => vendor}/cccdk_timesync_app.te | 3 +- {legacy/vendor => vendor}/charger_vendor.te | 0 vendor/chre.te | 16 + vendor/con_monitor_app.te | 3 + vendor/debug_camera_app.te | 9 + vendor/device.te | 19 + {legacy/vendor => vendor}/domain.te | 0 {legacy/vendor => vendor}/dump_gsa.te | 0 {legacy/vendor => vendor}/dump_power.te | 0 {legacy/vendor => vendor}/dump_wlan.te | 0 {legacy/vendor => vendor}/dumpstate.te | 0 {legacy/vendor => vendor}/e2fs.te | 0 {legacy/vendor => vendor}/euiccpixel_app.te | 0 vendor/file.te | 53 +- vendor/file_contexts | 179 +++++- {legacy/vendor => vendor}/fsck.te | 0 vendor/genfs_contexts | 555 ++++++++++++++++-- vendor/google_camera_app.te | 7 + .../hal_bluetooth_btlinux.te | 0 .../vendor => vendor}/hal_bootctl_default.te | 4 - .../vendor => vendor}/hal_camera_default.te | 10 - .../hal_contexthub_default.te | 0 .../hal_fingerprint_default.te | 4 - vendor/hal_graphics_allocator_default.te | 6 +- .../hal_graphics_composer_default.te | 0 vendor/hal_health_default.te | 15 + .../vendor => vendor}/hal_memtrack_default.te | 0 {legacy/vendor => vendor}/hal_nfc_default.te | 0 .../vendor => vendor}/hal_power_default.te | 4 +- .../hal_power_stats_default.te | 1 - .../vendor => vendor}/hal_radioext_default.te | 0 .../hal_secure_element_st54spi_aidl.te | 0 .../hal_secure_element_uicc.te | 0 .../vendor => vendor}/hal_sensors_default.te | 6 - .../vendor => vendor}/hal_thermal_default.te | 0 .../vendor => vendor}/hal_usb_gadget_impl.te | 0 {legacy/vendor => vendor}/hal_usb_impl.te | 1 - .../hal_uwb_vendor_default.te | 4 - {legacy/vendor => vendor}/hal_wifi_ext.te | 0 .../vendor => vendor}/hal_wireless_charger.te | 0 {legacy/vendor => vendor}/hwservice.te | 0 {legacy/vendor => vendor}/hwservice_contexts | 0 {legacy/vendor => vendor}/init.te | 0 {legacy/vendor => vendor}/insmod-sh.te | 0 {legacy/vendor => vendor}/installd.te | 0 vendor/kernel.te | 15 + {legacy/vendor => vendor}/logd.te | 0 {legacy/vendor => vendor}/mac_permissions.xml | 0 .../vendor => vendor}/mediacodec_google.te | 1 - vendor/pixeldisplayservice_app.te | 2 + vendor/pixelstats_vendor.te | 23 + {legacy/vendor => vendor}/platform_app.te | 0 {legacy/vendor => vendor}/property.te | 6 - {legacy/vendor => vendor}/property_contexts | 7 - {legacy/vendor => vendor}/ramdump_app.te | 0 {legacy/vendor => vendor}/recovery.te | 0 {legacy/vendor => vendor}/rlsservice.te | 0 vendor/seapp_contexts | 15 + {legacy/vendor => vendor}/service.te | 0 {legacy/vendor => vendor}/service_contexts | 0 {legacy/vendor => vendor}/shell.te | 0 {legacy/vendor => vendor}/surfaceflinger.te | 0 {legacy/vendor => vendor}/system_app.te | 0 {legacy/vendor => vendor}/system_server.te | 1 - {legacy/vendor => vendor}/systemui_app.te | 0 {legacy/vendor => vendor}/tcpdump_logger.te | 0 {legacy/vendor => vendor}/tee.te | 0 {legacy/vendor => vendor}/toolbox.te | 0 {legacy/vendor => vendor}/trusty_apploader.te | 0 {legacy/vendor => vendor}/trusty_metricsd.te | 0 {legacy/vendor => vendor}/twoshay.te | 0 .../vendor => vendor}/ufs_firmware_update.te | 0 {legacy/vendor => vendor}/update_engine.te | 1 + {legacy/vendor => vendor}/uwb_vendor_app.te | 0 {legacy/vendor => vendor}/vendor_init.te | 12 +- {legacy/vendor => vendor}/vendor_uwb_init.te | 3 - {legacy/vendor => vendor}/vndservice.te | 0 {legacy/vendor => vendor}/vndservice_contexts | 0 {legacy/vendor => vendor}/wifi_sniffer.te | 0 {legacy/widevine => widevine}/file.te | 0 {legacy/widevine => widevine}/file_contexts | 0 .../widevine => widevine}/hal_drm_clearkey.te | 0 .../widevine => widevine}/hal_drm_widevine.te | 0 .../widevine => widevine}/service_contexts | 0 zumapro-sepolicy.mk | 11 +- 204 files changed, 984 insertions(+), 1321 deletions(-) delete mode 100644 legacy/OWNERS delete mode 100644 legacy/legacy/system_ext/private/property_contexts delete mode 100644 legacy/legacy/system_ext/public/property.te delete mode 100644 legacy/legacy/whitechapel_pro/keys.conf rename legacy/{legacy => }/private/property_contexts (100%) delete mode 100644 legacy/radio/keys.conf delete mode 100644 legacy/radio/radio.te delete mode 100644 legacy/radio/rild.te delete mode 100644 legacy/system_ext/private/seapp_contexts delete mode 100644 legacy/system_ext/private/systemui_app.te delete mode 100644 legacy/system_ext/public/systemui_app.te delete mode 100644 legacy/tracking_denials/README.txt delete mode 100644 legacy/tracking_denials/bug_map delete mode 100644 legacy/tracking_denials/kernel.te delete mode 100644 legacy/vendor/certs/app.x509.pem delete mode 100644 legacy/vendor/certs/camera_eng.x509.pem delete mode 100644 legacy/vendor/certs/camera_fishfood.x509.pem delete mode 100644 legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem delete mode 100644 legacy/vendor/chre.te delete mode 100644 legacy/vendor/con_monitor_app.te delete mode 100644 legacy/vendor/debug_camera_app.te delete mode 100644 legacy/vendor/device.te delete mode 100644 legacy/vendor/disable-contaminant-detection-sh.te delete mode 100644 legacy/vendor/dump_cma.te delete mode 100644 legacy/vendor/fastbootd.te delete mode 100644 legacy/vendor/file.te delete mode 100644 legacy/vendor/file_contexts delete mode 100644 legacy/vendor/genfs_contexts delete mode 100644 legacy/vendor/google_camera_app.te delete mode 100644 legacy/vendor/gxp_logging.te delete mode 100644 legacy/vendor/hal_graphics_allocator_default.te delete mode 100644 legacy/vendor/hal_health_default.te delete mode 100644 legacy/vendor/kernel.te delete mode 100644 legacy/vendor/pixeldisplayservice_app.te delete mode 100644 legacy/vendor/pixelstats_vendor.te delete mode 100644 legacy/vendor/seapp_contexts rename legacy/{legacy => }/whitechapel_pro/attributes (100%) rename legacy/{legacy => }/whitechapel_pro/certs/EuiccSupportPixel.x509.pem (100%) rename legacy/{legacy => }/whitechapel_pro/certs/com_qorvo_uwb.x509.pem (100%) rename legacy/{legacy => }/whitechapel_pro/device.te (70%) rename legacy/{legacy => }/whitechapel_pro/file.te (82%) rename legacy/{legacy => }/whitechapel_pro/file_contexts (93%) rename legacy/{legacy => }/whitechapel_pro/genfs_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/hal_input_processor_default.te (100%) create mode 100644 legacy/whitechapel_pro/keys.conf rename legacy/{legacy => }/whitechapel_pro/mac_permissions.xml (100%) rename legacy/{legacy => }/whitechapel_pro/property.te (100%) rename legacy/{legacy => }/whitechapel_pro/property_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/service.te (100%) rename legacy/{legacy => }/whitechapel_pro/service_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/te_macros (100%) rename legacy/{legacy => }/whitechapel_pro/vndservice.te (100%) rename legacy/{legacy => }/whitechapel_pro/vndservice_contexts (100%) rename {legacy/private => private}/vendor_init.te (100%) rename {legacy/radio => radio}/bipchmgr.te (100%) rename {legacy/radio => radio}/cat_engine_service_app.te (100%) rename {legacy/radio => radio}/cbd.te (100%) rename {legacy/radio => radio}/cbrs_setup.te (100%) rename {legacy/radio => radio}/certs/com_google_mds.x509.pem (100%) rename {legacy/radio => radio}/device.te (100%) rename {legacy/radio => radio}/dmd.te (100%) rename {legacy/radio => radio}/file.te (100%) rename {legacy/radio => radio}/file_contexts (100%) rename {legacy/radio => radio}/fsck.te (100%) rename {legacy/radio => radio}/genfs_contexts (63%) rename {legacy/radio => radio}/gpsd.te (100%) rename {legacy/radio => radio}/grilservice_app.te (92%) rename {legacy/radio => radio}/hal_radioext_default.te (92%) rename {legacy/radio => radio}/hwservice.te (100%) rename {legacy/radio => radio}/hwservice_contexts (100%) rename {legacy/radio => radio}/hwservicemanager.te (100%) rename {legacy/radio => radio}/init.te (100%) rename {legacy/radio => radio}/init_radio.te (100%) create mode 100644 radio/keys.conf rename {legacy/radio => radio}/logger_app.te (91%) rename {legacy/radio => radio}/mac_permissions.xml (100%) rename {legacy/radio => radio}/modem_diagnostic_app.te (100%) rename {legacy/radio => radio}/modem_logging_control.te (100%) rename {legacy/radio => radio}/modem_ml_svc_sit.te (100%) rename {legacy/radio => radio}/modem_svc_sit.te (100%) rename {legacy/radio => radio}/oemrilservice_app.te (100%) rename {legacy/radio => radio}/private/radio.te (100%) rename {legacy/radio => radio}/private/service_contexts (100%) rename {legacy/radio => radio}/property.te (100%) rename {legacy/radio => radio}/property_contexts (100%) rename {legacy/radio => radio}/rfsd.te (100%) rename {legacy/radio => radio}/sced.te (100%) rename {legacy/radio => radio}/seapp_contexts (100%) rename {legacy/radio => radio}/ssr_detector.te (100%) rename {legacy/radio => radio}/vcd.te (100%) rename {legacy/radio => radio}/vendor_engineermode_app.te (100%) rename {legacy/radio => radio}/vendor_ims_app.te (100%) rename {legacy/radio => radio}/vendor_ims_remote_app.te (100%) rename {legacy/radio => radio}/vendor_init.te (100%) rename {legacy/radio => radio}/vendor_qualifiednetworks_app.te (100%) rename {legacy/radio => radio}/vendor_rcs_app.te (100%) rename {legacy/radio => radio}/vendor_rcs_service_app.te (100%) rename {legacy/radio => radio}/vendor_silentlogging_remote_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_debug_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_silentlogging_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_test_app.te (100%) rename {legacy/radio => radio}/vold.te (100%) rename {legacy/system_ext => system_ext}/private/platform_app.te (100%) create mode 100644 tracking_denials/con_monitor_app.te create mode 100644 tracking_denials/dumpstate.te create mode 100644 tracking_denials/fastbootd.te create mode 100644 tracking_denials/hal_sensors_default.te create mode 100644 tracking_denials/hal_usb_impl.te create mode 100644 tracking_denials/incidentd.te create mode 100644 tracking_denials/kernel.te rename {legacy/tracking_denials => tracking_denials}/rebalance_interrupts_vendor.te (100%) create mode 100644 tracking_denials/ssr_detector_app.te create mode 100644 tracking_denials/update_engine.te create mode 100644 tracking_denials/vendor_init.te rename {legacy/vendor => vendor}/audioserver.te (100%) rename {legacy/vendor => vendor}/bootanim.te (100%) rename {legacy/vendor => vendor}/cccdk_timesync_app.te (77%) rename {legacy/vendor => vendor}/charger_vendor.te (100%) create mode 100644 vendor/con_monitor_app.te create mode 100644 vendor/debug_camera_app.te rename {legacy/vendor => vendor}/domain.te (100%) rename {legacy/vendor => vendor}/dump_gsa.te (100%) rename {legacy/vendor => vendor}/dump_power.te (100%) rename {legacy/vendor => vendor}/dump_wlan.te (100%) rename {legacy/vendor => vendor}/dumpstate.te (100%) rename {legacy/vendor => vendor}/e2fs.te (100%) rename {legacy/vendor => vendor}/euiccpixel_app.te (100%) rename {legacy/vendor => vendor}/fsck.te (100%) create mode 100644 vendor/google_camera_app.te rename {legacy/vendor => vendor}/hal_bluetooth_btlinux.te (100%) rename {legacy/vendor => vendor}/hal_bootctl_default.te (77%) rename {legacy/vendor => vendor}/hal_camera_default.te (91%) rename {legacy/vendor => vendor}/hal_contexthub_default.te (100%) rename {legacy/vendor => vendor}/hal_fingerprint_default.te (91%) rename {legacy/vendor => vendor}/hal_graphics_composer_default.te (100%) rename {legacy/vendor => vendor}/hal_memtrack_default.te (100%) rename {legacy/vendor => vendor}/hal_nfc_default.te (100%) rename {legacy/vendor => vendor}/hal_power_default.te (66%) rename {legacy/vendor => vendor}/hal_power_stats_default.te (94%) rename {legacy/vendor => vendor}/hal_radioext_default.te (100%) rename {legacy/vendor => vendor}/hal_secure_element_st54spi_aidl.te (100%) rename {legacy/vendor => vendor}/hal_secure_element_uicc.te (100%) rename {legacy/vendor => vendor}/hal_sensors_default.te (91%) rename {legacy/vendor => vendor}/hal_thermal_default.te (100%) rename {legacy/vendor => vendor}/hal_usb_gadget_impl.te (100%) rename {legacy/vendor => vendor}/hal_usb_impl.te (93%) rename {legacy/vendor => vendor}/hal_uwb_vendor_default.te (54%) rename {legacy/vendor => vendor}/hal_wifi_ext.te (100%) rename {legacy/vendor => vendor}/hal_wireless_charger.te (100%) rename {legacy/vendor => vendor}/hwservice.te (100%) rename {legacy/vendor => vendor}/hwservice_contexts (100%) rename {legacy/vendor => vendor}/init.te (100%) rename {legacy/vendor => vendor}/insmod-sh.te (100%) rename {legacy/vendor => vendor}/installd.te (100%) create mode 100644 vendor/kernel.te rename {legacy/vendor => vendor}/logd.te (100%) rename {legacy/vendor => vendor}/mac_permissions.xml (100%) rename {legacy/vendor => vendor}/mediacodec_google.te (95%) create mode 100644 vendor/pixeldisplayservice_app.te rename {legacy/vendor => vendor}/platform_app.te (100%) rename {legacy/vendor => vendor}/property.te (75%) rename {legacy/vendor => vendor}/property_contexts (78%) rename {legacy/vendor => vendor}/ramdump_app.te (100%) rename {legacy/vendor => vendor}/recovery.te (100%) rename {legacy/vendor => vendor}/rlsservice.te (100%) create mode 100644 vendor/seapp_contexts rename {legacy/vendor => vendor}/service.te (100%) rename {legacy/vendor => vendor}/service_contexts (100%) rename {legacy/vendor => vendor}/shell.te (100%) rename {legacy/vendor => vendor}/surfaceflinger.te (100%) rename {legacy/vendor => vendor}/system_app.te (100%) rename {legacy/vendor => vendor}/system_server.te (82%) rename {legacy/vendor => vendor}/systemui_app.te (100%) rename {legacy/vendor => vendor}/tcpdump_logger.te (100%) rename {legacy/vendor => vendor}/tee.te (100%) rename {legacy/vendor => vendor}/toolbox.te (100%) rename {legacy/vendor => vendor}/trusty_apploader.te (100%) rename {legacy/vendor => vendor}/trusty_metricsd.te (100%) rename {legacy/vendor => vendor}/twoshay.te (100%) rename {legacy/vendor => vendor}/ufs_firmware_update.te (100%) rename {legacy/vendor => vendor}/update_engine.te (74%) rename {legacy/vendor => vendor}/uwb_vendor_app.te (100%) rename {legacy/vendor => vendor}/vendor_init.te (84%) rename {legacy/vendor => vendor}/vendor_uwb_init.te (53%) rename {legacy/vendor => vendor}/vndservice.te (100%) rename {legacy/vendor => vendor}/vndservice_contexts (100%) rename {legacy/vendor => vendor}/wifi_sniffer.te (100%) rename {legacy/widevine => widevine}/file.te (100%) rename {legacy/widevine => widevine}/file_contexts (100%) rename {legacy/widevine => widevine}/hal_drm_clearkey.te (100%) rename {legacy/widevine => widevine}/hal_drm_widevine.te (100%) rename {legacy/widevine => widevine}/service_contexts (100%) diff --git a/legacy/OWNERS b/legacy/OWNERS deleted file mode 100644 index 791abb4..0000000 --- a/legacy/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -include platform/system/sepolicy:/OWNERS - -rurumihong@google.com diff --git a/legacy/legacy/system_ext/private/property_contexts b/legacy/legacy/system_ext/private/property_contexts deleted file mode 100644 index 9f462bd..0000000 --- a/legacy/legacy/system_ext/private/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/legacy/system_ext/public/property.te b/legacy/legacy/system_ext/public/property.te deleted file mode 100644 index 8908e48..0000000 --- a/legacy/legacy/system_ext/public/property.te +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/legacy/whitechapel_pro/keys.conf b/legacy/legacy/whitechapel_pro/keys.conf deleted file mode 100644 index acc82e4..0000000 --- a/legacy/legacy/whitechapel_pro/keys.conf +++ /dev/null @@ -1,5 +0,0 @@ -[@UWB] -ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem - -[@EUICCSUPPORTPIXEL] -ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/private/property_contexts b/legacy/private/property_contexts similarity index 100% rename from legacy/legacy/private/property_contexts rename to legacy/private/property_contexts diff --git a/legacy/radio/keys.conf b/legacy/radio/keys.conf deleted file mode 100644 index 4784c60..0000000 --- a/legacy/radio/keys.conf +++ /dev/null @@ -1,3 +0,0 @@ -[@MDS] -ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem - diff --git a/legacy/radio/radio.te b/legacy/radio/radio.te deleted file mode 100644 index 221c812..0000000 --- a/legacy/radio/radio.te +++ /dev/null @@ -1,8 +0,0 @@ -set_prop(radio, telephony_ril_prop) - -allow radio radio_vendor_data_file:dir rw_dir_perms; -allow radio radio_vendor_data_file:file create_file_perms; -allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; -allow radio aoc_device:chr_file rw_file_perms; -allow radio hal_audio_ext_hwservice:hwservice_manager find; -binder_call(radio, hal_audio_default) diff --git a/legacy/radio/rild.te b/legacy/radio/rild.te deleted file mode 100644 index 3a2bac7..0000000 --- a/legacy/radio/rild.te +++ /dev/null @@ -1,42 +0,0 @@ -set_prop(rild, vendor_rild_prop) -set_prop(rild, vendor_modem_prop) -get_prop(rild, vendor_persist_config_default_prop) -get_prop(rild, vendor_carrier_prop) - -get_prop(rild, sota_prop) -get_prop(rild, system_boot_reason_prop) - -set_prop(rild, telephony_ril_prop) - -allow rild proc_net:file rw_file_perms; -allow rild radio_vendor_data_file:dir create_dir_perms; -allow rild radio_vendor_data_file:file create_file_perms; -allow rild rild_vendor_data_file:dir create_dir_perms; -allow rild rild_vendor_data_file:file create_file_perms; -allow rild vendor_fw_file:file r_file_perms; -allow rild mnt_vendor_file:dir r_dir_perms; - -r_dir_file(rild, modem_img_file) - -binder_call(rild, bipchmgr) -binder_call(rild, gpsd) -binder_call(rild, hal_audio_default) -binder_call(rild, modem_svc_sit) -binder_call(rild, vendor_ims_app) -binder_call(rild, vendor_rcs_app) -binder_call(rild, oemrilservice_app) -binder_call(rild, hal_secure_element_uicc) -binder_call(rild, grilservice_app) -binder_call(rild, vendor_engineermode_app) -binder_call(rild, vendor_telephony_debug_app) -binder_call(rild, logger_app) - -crash_dump_fallback(rild) - -# for hal service -add_hwservice(rild, hal_exynos_rild_hwservice) - -# Allow rild to access files on modem img. -allow rild modem_img_file:dir r_dir_perms; -allow rild modem_img_file:file r_file_perms; -allow rild modem_img_file:lnk_file r_file_perms; diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts index e69de29..9f462bd 100644 --- a/legacy/system_ext/private/property_contexts +++ b/legacy/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/private/seapp_contexts b/legacy/system_ext/private/seapp_contexts deleted file mode 100644 index e69de29..0000000 diff --git a/legacy/system_ext/private/systemui_app.te b/legacy/system_ext/private/systemui_app.te deleted file mode 100644 index 99f30ac..0000000 --- a/legacy/system_ext/private/systemui_app.te +++ /dev/null @@ -1,20 +0,0 @@ - -allow systemui_app app_api_service:service_manager find; -allow systemui_app network_score_service:service_manager find; -allow systemui_app overlay_service:service_manager find; -allow systemui_app color_display_service:service_manager find; -allow systemui_app audioserver_service:service_manager find; -allow systemui_app cameraserver_service:service_manager find; -allow systemui_app mediaserver_service:service_manager find; -allow systemui_app mediaextractor_service:service_manager find; -allow systemui_app mediametrics_service:service_manager find; -allow systemui_app radio_service:service_manager find; -allow systemui_app vr_manager_service:service_manager find; -allow systemui_app nfc_service:service_manager find; -allow systemui_app adb_service:service_manager find; -allow systemui_app statsmanager_service:service_manager find; - -get_prop(systemui_app, keyguard_config_prop) -set_prop(systemui_app, bootanim_system_prop) -get_prop(systemui_app, qemu_hw_prop) - diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te index 2b30a6a..8908e48 100644 --- a/legacy/system_ext/public/property.te +++ b/legacy/system_ext/public/property.te @@ -1,4 +1,2 @@ -# Telephony -userdebug_or_eng(` - set_prop(shell, telephony_ril_prop) -') +# Fingerprint (UDFPS) GHBM/LHBM toggle +system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/system_ext/public/systemui_app.te b/legacy/system_ext/public/systemui_app.te deleted file mode 100644 index e69de29..0000000 diff --git a/legacy/tracking_denials/README.txt b/legacy/tracking_denials/README.txt deleted file mode 100644 index 6cfc62d..0000000 --- a/legacy/tracking_denials/README.txt +++ /dev/null @@ -1,2 +0,0 @@ -This folder stores known errors detected by PTS. Be sure to remove relevant -files to reproduce error log on latest ROMs. diff --git a/legacy/tracking_denials/bug_map b/legacy/tracking_denials/bug_map deleted file mode 100644 index 74f2fbb..0000000 --- a/legacy/tracking_denials/bug_map +++ /dev/null @@ -1,10 +0,0 @@ -dump_gxp vendor_gxp_prop file b/287898138 -dumpstate app_zygote process b/288049050 -hal_uwb_default debugfs file b/288049522 -incidentd debugfs_wakeup_sources file b/288049561 -incidentd incidentd anon_inode b/288049561 -insmod-sh insmod-sh key b/274374722 -insmod-sh vendor_regmap_debugfs dir b/274727542 -mtectrl unlabeled dir b/264483752 -systemui_app wm_trace_data_file dir b/288049075 -vendor_init proc file b/289856761 diff --git a/legacy/tracking_denials/kernel.te b/legacy/tracking_denials/kernel.te deleted file mode 100644 index 41b91bd..0000000 --- a/legacy/tracking_denials/kernel.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/263185161 -dontaudit kernel kernel:capability { net_bind_service }; diff --git a/legacy/vendor/certs/app.x509.pem b/legacy/vendor/certs/app.x509.pem deleted file mode 100644 index 8e3e627..0000000 --- a/legacy/vendor/certs/app.x509.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE -AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G -A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI -hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR -24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy -xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X -W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC -69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA -cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw -HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c -xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE -CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH -QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG -CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP -zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla -XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a -IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a -ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW -Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs= ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_eng.x509.pem b/legacy/vendor/certs/camera_eng.x509.pem deleted file mode 100644 index 011a9ec..0000000 --- a/legacy/vendor/certs/camera_eng.x509.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx -EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw -NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE -ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO -OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR -+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb -+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg -UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX -TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj -rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB -TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK -pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY -DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG -ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 -rscXTxYEf4Tqovc= ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_fishfood.x509.pem b/legacy/vendor/certs/camera_fishfood.x509.pem deleted file mode 100644 index fb11572..0000000 --- a/legacy/vendor/certs/camera_fishfood.x509.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ -BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n -bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w -HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL -MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv -b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 -bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ -jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B -IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe -tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td -0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg -Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b -aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem deleted file mode 100644 index 7b8c5b2..0000000 --- a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw -CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU -MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n -bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz -MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N -b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G -A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP -1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR -UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5 -4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL -jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8 -pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0 -VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3 -A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO -sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV -eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO -nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI -hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5 -YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm -FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr -njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI -hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e -JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3 -IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA -V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H -r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F -DB17LhMLl0GxX9j1 ------END CERTIFICATE----- diff --git a/legacy/vendor/chre.te b/legacy/vendor/chre.te deleted file mode 100644 index a1d1ca5..0000000 --- a/legacy/vendor/chre.te +++ /dev/null @@ -1,16 +0,0 @@ -type chre, domain; -type chre_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(chre) - -# Permit communication with AoC -allow chre aoc_device:chr_file rw_file_perms; - -# Allow CHRE to determine AoC's current clock -allow chre sysfs_aoc:dir search; -allow chre sysfs_aoc_boottime:file r_file_perms; - -# Allow CHRE to create thread to watch AOC's device -allow chre device:dir r_dir_perms; - -# Allow CHRE to use WakeLock -wakelock_use(chre) diff --git a/legacy/vendor/con_monitor_app.te b/legacy/vendor/con_monitor_app.te deleted file mode 100644 index 7690191..0000000 --- a/legacy/vendor/con_monitor_app.te +++ /dev/null @@ -1,12 +0,0 @@ -# ConnectivityMonitor app -type con_monitor_app, domain; -app_domain(con_monitor_app); - -allow con_monitor_app app_api_service:service_manager find; -allow con_monitor_app batterystats_service:service_manager find; -allow con_monitor_app virtual_device_service:service_manager find; - -binder_call(con_monitor_app, system_server); -binder_call(con_monitor_app, servicemanager); - -set_prop(con_monitor_app, radio_prop); diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te deleted file mode 100644 index 37a19ec..0000000 --- a/legacy/vendor/debug_camera_app.te +++ /dev/null @@ -1,26 +0,0 @@ - -userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; - - # Allows GCA-Eng & GCA-Next access the GXP device and properties. - allow debug_camera_app gxp_device:chr_file rw_file_perms; - get_prop(debug_camera_app, vendor_gxp_prop) - - # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. - allow debug_camera_app edgetpu_app_service:service_manager find; - allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) - - # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. - allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; -') diff --git a/legacy/vendor/device.te b/legacy/vendor/device.te deleted file mode 100644 index f63086d..0000000 --- a/legacy/vendor/device.te +++ /dev/null @@ -1,29 +0,0 @@ -type persist_block_device, dev_type; -type tee_persist_block_device, dev_type; -type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; -type mfg_data_block_device, dev_type; -type ufs_internal_block_device, dev_type; -type logbuffer_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; -type hw_jpg_device, dev_type; -userdebug_or_eng(` - typeattribute hw_jpg_device mlstrustedobject; -') -type fingerprint_device, dev_type; -type uci_device, dev_type; - -# Dmabuf heaps -type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; -type faceauth_heap_device, dmabuf_heap_device_type, dev_type; -type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; -type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; - -# SecureElement SPI device -type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/vendor/disable-contaminant-detection-sh.te b/legacy/vendor/disable-contaminant-detection-sh.te deleted file mode 100644 index 95845a1..0000000 --- a/legacy/vendor/disable-contaminant-detection-sh.te +++ /dev/null @@ -1,7 +0,0 @@ -type disable-contaminant-detection-sh, domain; -type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(disable-contaminant-detection-sh) - -allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; -allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; -allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/legacy/vendor/dump_cma.te b/legacy/vendor/dump_cma.te deleted file mode 100644 index bf5edf2..0000000 --- a/legacy/vendor/dump_cma.te +++ /dev/null @@ -1,7 +0,0 @@ -pixel_bugreport(dump_cma) - -userdebug_or_eng(` - allow dump_cma vendor_toolbox_exec:file execute_no_trans; - allow dump_cma vendor_cma_debugfs:dir r_dir_perms; - allow dump_cma vendor_cma_debugfs:file r_file_perms; -') diff --git a/legacy/vendor/fastbootd.te b/legacy/vendor/fastbootd.te deleted file mode 100644 index c7f6a88..0000000 --- a/legacy/vendor/fastbootd.te +++ /dev/null @@ -1,6 +0,0 @@ -recovery_only(` - allow fastbootd devinfo_block_device:blk_file rw_file_perms; - allow fastbootd sda_block_device:blk_file rw_file_perms; - allow fastbootd sysfs_ota:file rw_file_perms; - allow fastbootd st54spi_device:chr_file rw_file_perms; -') diff --git a/legacy/vendor/file.te b/legacy/vendor/file.te deleted file mode 100644 index 357643a..0000000 --- a/legacy/vendor/file.te +++ /dev/null @@ -1,57 +0,0 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; -type persist_uwb_file, file_type, vendor_persist_type; - -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; -type sysfs_pca, sysfs_type, fs_type; -type sysfs_aoc_udfps, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; -type sysfs_gsa_log, sysfs_type, fs_type; - -# Gxp sysfs file -type sysfs_gxp, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type sensor_reg_data_file, file_type, data_file_type; -type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; -type uwb_data_vendor, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; -type sysfs_ospm, sysfs_type, fs_type; diff --git a/legacy/vendor/file_contexts b/legacy/vendor/file_contexts deleted file mode 100644 index 912e59d..0000000 --- a/legacy/vendor/file_contexts +++ /dev/null @@ -1,181 +0,0 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 -/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 -# Vendor libraries -/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 -/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/goodix_fp u:object_r:fingerprint_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpif u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-nautius u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 -/dev/video12 u:object_r:hw_jpg_device:s0 -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/vendor/genfs_contexts b/legacy/vendor/genfs_contexts deleted file mode 100644 index 809910b..0000000 --- a/legacy/vendor/genfs_contexts +++ /dev/null @@ -1,501 +0,0 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# OSPM -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - -# Gxp -genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 - -# debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 - -# Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - -# disable contaminant detection -genfscon sysfs /devices/platform/10cb0000.hsi2c u:object_r:sysfs_batteryinfo:s0 - -# Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/hint_power_on u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 diff --git a/legacy/vendor/google_camera_app.te b/legacy/vendor/google_camera_app.te deleted file mode 100644 index f9f5fa0..0000000 --- a/legacy/vendor/google_camera_app.te +++ /dev/null @@ -1,23 +0,0 @@ - -allow google_camera_app app_api_service:service_manager find; -allow google_camera_app audioserver_service:service_manager find; -allow google_camera_app cameraserver_service:service_manager find; -allow google_camera_app mediaextractor_service:service_manager find; -allow google_camera_app mediametrics_service:service_manager find; -allow google_camera_app mediaserver_service:service_manager find; - -# Allows GCA to acccess the GXP device. -allow google_camera_app gxp_device:chr_file rw_file_perms; - -# Allow GCA to access the GXP properies. -get_prop(google_camera_app, vendor_gxp_prop) - -# Allows GCA to access the PowerHAL. -hal_client_domain(google_camera_app, hal_power) - -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Library code may try to access vendor properties, but should be denied -dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/legacy/vendor/gxp_logging.te b/legacy/vendor/gxp_logging.te deleted file mode 100644 index fb78c53..0000000 --- a/legacy/vendor/gxp_logging.te +++ /dev/null @@ -1,22 +0,0 @@ -type gxp_logging, domain; -type gxp_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gxp_logging) - -# The logging service accesses /dev/gxp -allow gxp_logging gxp_device:chr_file rw_file_perms; - -# Allow logging service to access /sys/class/gxp -allow gxp_logging sysfs_gxp:dir search; -allow gxp_logging sysfs_gxp:file rw_file_perms; - -# Allow logging service to log to stats service for reporting metrics. -allow gxp_logging fwk_stats_service:service_manager find; -binder_call(gxp_logging, system_server); -binder_use(gxp_logging) - -# Allow logging service to read gxp properties. -get_prop(gxp_logging, vendor_gxp_prop) - -# Allow gxp tracing service to send packets to Perfetto -userdebug_or_eng(`perfetto_producer(gxp_logging)') - diff --git a/legacy/vendor/hal_graphics_allocator_default.te b/legacy/vendor/hal_graphics_allocator_default.te deleted file mode 100644 index b624db1..0000000 --- a/legacy/vendor/hal_graphics_allocator_default.te +++ /dev/null @@ -1,6 +0,0 @@ -allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; diff --git a/legacy/vendor/hal_health_default.te b/legacy/vendor/hal_health_default.te deleted file mode 100644 index 36e6cb1..0000000 --- a/legacy/vendor/hal_health_default.te +++ /dev/null @@ -1,16 +0,0 @@ -allow hal_health_default mnt_vendor_file:dir search; -allow hal_health_default persist_file:dir search; -allow hal_health_default persist_battery_file:file create_file_perms; -allow hal_health_default persist_battery_file:dir rw_dir_perms; - -set_prop(hal_health_default, vendor_battery_defender_prop) -set_prop(hal_health_default, vendor_shutdown_prop) - -allow hal_health_default fwk_stats_service:service_manager find; - -# Access to /sys/devices/platform/13200000.ufs/* -allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; - -allow hal_health_default sysfs_wlc:dir search; -allow hal_health_default sysfs_batteryinfo:file w_file_perms; diff --git a/legacy/vendor/kernel.te b/legacy/vendor/kernel.te deleted file mode 100644 index 28f140a..0000000 --- a/legacy/vendor/kernel.te +++ /dev/null @@ -1,24 +0,0 @@ -allow kernel vendor_fw_file:dir r_dir_perms; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -dontaudit kernel vendor_maxfg_debugfs:dir search; -dontaudit kernel sepolicy_file:file getattr; -dontaudit kernel system_bootstrap_lib_file:dir getattr; -dontaudit kernel system_bootstrap_lib_file:file getattr; -dontaudit kernel system_dlkm_file:dir getattr; -dontaudit kernel vendor_battery_debugfs:dir search; -dontaudit kernel vendor_charger_debugfs:dir search; - -allow kernel vendor_regmap_debugfs:dir search; - diff --git a/legacy/vendor/pixeldisplayservice_app.te b/legacy/vendor/pixeldisplayservice_app.te deleted file mode 100644 index 736f443..0000000 --- a/legacy/vendor/pixeldisplayservice_app.te +++ /dev/null @@ -1,11 +0,0 @@ - -allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; -allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; - -allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; -binder_call(pixeldisplayservice_app, hal_graphics_composer_default) - -# Standard system services -allow pixeldisplayservice_app app_api_service:service_manager find; - -allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/legacy/vendor/pixelstats_vendor.te b/legacy/vendor/pixelstats_vendor.te deleted file mode 100644 index f4f447a..0000000 --- a/legacy/vendor/pixelstats_vendor.te +++ /dev/null @@ -1,35 +0,0 @@ -# Battery history -allow pixelstats_vendor battery_history_device:chr_file r_file_perms; - -# BCL -allow pixelstats_vendor sysfs_bcl:dir search; -allow pixelstats_vendor sysfs_bcl:file r_file_perms; -allow pixelstats_vendor mitigation_vendor_data_file:dir search; -allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; -get_prop(pixelstats_vendor, vendor_brownout_reason_prop); - -#vendor-metrics -r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) -allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; -allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; - -# Wireless charge -allow pixelstats_vendor sysfs_wlc:dir search; -allow pixelstats_vendor sysfs_wlc:file rw_file_perms; - -# PCIe Link Statistics -allow pixelstats_vendor sysfs_pcie:dir search; -allow pixelstats_vendor sysfs_pcie:file rw_file_perms; - -allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; - -# Display -r_dir_file(pixelstats_vendor, sysfs_display) -allow pixelstats_vendor sysfs_display:lnk_file r_file_perms; - -#Thermal -r_dir_file(pixelstats_vendor, sysfs_thermal) -allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; - -# Pca charge -allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/legacy/vendor/seapp_contexts b/legacy/vendor/seapp_contexts deleted file mode 100644 index f994993..0000000 --- a/legacy/vendor/seapp_contexts +++ /dev/null @@ -1,31 +0,0 @@ -# Domain for EuiccSupportPixel -user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all - -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - -# PixelDisplayService -user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all - -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Google Camera Eng -user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera -user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Also label GoogleCameraNext, built with debug keys as debug_camera_app. -user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all - -# Qorvo UWB system app -# TODO(b/222204912): Should this run under uwb user? -user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all - -# CccDkTimeSyncService -user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - diff --git a/legacy/legacy/whitechapel_pro/attributes b/legacy/whitechapel_pro/attributes similarity index 100% rename from legacy/legacy/whitechapel_pro/attributes rename to legacy/whitechapel_pro/attributes diff --git a/legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem similarity index 100% rename from legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem rename to legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem similarity index 100% rename from legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem rename to legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem diff --git a/legacy/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te similarity index 70% rename from legacy/legacy/whitechapel_pro/device.te rename to legacy/whitechapel_pro/device.te index 7d31940..bf6f21c 100644 --- a/legacy/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -2,3 +2,6 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; + +# Raw HID device +type hidraw_device, dev_type; diff --git a/legacy/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te similarity index 82% rename from legacy/legacy/whitechapel_pro/file.te rename to legacy/whitechapel_pro/file.te index f59a80b..23d748b 100644 --- a/legacy/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -2,6 +2,8 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; @@ -17,6 +19,7 @@ type vendor_regmap_debugfs, fs_type, debugfs_type; # persist type persist_ss_file, file_type, vendor_persist_type; +type persist_uwb_file, file_type, vendor_persist_type; # Storage Health HAL type proc_f2fs, proc_type, fs_type; diff --git a/legacy/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts similarity index 93% rename from legacy/legacy/whitechapel_pro/file_contexts rename to legacy/whitechapel_pro/file_contexts index 3ee41cd..a9901c0 100644 --- a/legacy/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -41,8 +41,13 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 + +# Raw HID device +/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/genfs_contexts rename to legacy/whitechapel_pro/genfs_contexts diff --git a/legacy/legacy/whitechapel_pro/hal_input_processor_default.te b/legacy/whitechapel_pro/hal_input_processor_default.te similarity index 100% rename from legacy/legacy/whitechapel_pro/hal_input_processor_default.te rename to legacy/whitechapel_pro/hal_input_processor_default.te diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf new file mode 100644 index 0000000..76ea843 --- /dev/null +++ b/legacy/whitechapel_pro/keys.conf @@ -0,0 +1,5 @@ +[@UWB] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/whitechapel_pro/mac_permissions.xml b/legacy/whitechapel_pro/mac_permissions.xml similarity index 100% rename from legacy/legacy/whitechapel_pro/mac_permissions.xml rename to legacy/whitechapel_pro/mac_permissions.xml diff --git a/legacy/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te similarity index 100% rename from legacy/legacy/whitechapel_pro/property.te rename to legacy/whitechapel_pro/property.te diff --git a/legacy/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/property_contexts rename to legacy/whitechapel_pro/property_contexts diff --git a/legacy/legacy/whitechapel_pro/service.te b/legacy/whitechapel_pro/service.te similarity index 100% rename from legacy/legacy/whitechapel_pro/service.te rename to legacy/whitechapel_pro/service.te diff --git a/legacy/legacy/whitechapel_pro/service_contexts b/legacy/whitechapel_pro/service_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/service_contexts rename to legacy/whitechapel_pro/service_contexts diff --git a/legacy/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros similarity index 100% rename from legacy/legacy/whitechapel_pro/te_macros rename to legacy/whitechapel_pro/te_macros diff --git a/legacy/legacy/whitechapel_pro/vndservice.te b/legacy/whitechapel_pro/vndservice.te similarity index 100% rename from legacy/legacy/whitechapel_pro/vndservice.te rename to legacy/whitechapel_pro/vndservice.te diff --git a/legacy/legacy/whitechapel_pro/vndservice_contexts b/legacy/whitechapel_pro/vndservice_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/vndservice_contexts rename to legacy/whitechapel_pro/vndservice_contexts diff --git a/legacy/private/vendor_init.te b/private/vendor_init.te similarity index 100% rename from legacy/private/vendor_init.te rename to private/vendor_init.te diff --git a/legacy/radio/bipchmgr.te b/radio/bipchmgr.te similarity index 100% rename from legacy/radio/bipchmgr.te rename to radio/bipchmgr.te diff --git a/legacy/radio/cat_engine_service_app.te b/radio/cat_engine_service_app.te similarity index 100% rename from legacy/radio/cat_engine_service_app.te rename to radio/cat_engine_service_app.te diff --git a/legacy/radio/cbd.te b/radio/cbd.te similarity index 100% rename from legacy/radio/cbd.te rename to radio/cbd.te diff --git a/legacy/radio/cbrs_setup.te b/radio/cbrs_setup.te similarity index 100% rename from legacy/radio/cbrs_setup.te rename to radio/cbrs_setup.te diff --git a/legacy/radio/certs/com_google_mds.x509.pem b/radio/certs/com_google_mds.x509.pem similarity index 100% rename from legacy/radio/certs/com_google_mds.x509.pem rename to radio/certs/com_google_mds.x509.pem diff --git a/legacy/radio/device.te b/radio/device.te similarity index 100% rename from legacy/radio/device.te rename to radio/device.te diff --git a/legacy/radio/dmd.te b/radio/dmd.te similarity index 100% rename from legacy/radio/dmd.te rename to radio/dmd.te diff --git a/legacy/radio/file.te b/radio/file.te similarity index 100% rename from legacy/radio/file.te rename to radio/file.te diff --git a/legacy/radio/file_contexts b/radio/file_contexts similarity index 100% rename from legacy/radio/file_contexts rename to radio/file_contexts diff --git a/legacy/radio/fsck.te b/radio/fsck.te similarity index 100% rename from legacy/radio/fsck.te rename to radio/fsck.te diff --git a/legacy/radio/genfs_contexts b/radio/genfs_contexts similarity index 63% rename from legacy/radio/genfs_contexts rename to radio/genfs_contexts index 6f0199f..347e461 100644 --- a/legacy/radio/genfs_contexts +++ b/radio/genfs_contexts @@ -4,5 +4,8 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 +# GPS +genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 + # Modem -genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 diff --git a/legacy/radio/gpsd.te b/radio/gpsd.te similarity index 100% rename from legacy/radio/gpsd.te rename to radio/gpsd.te diff --git a/legacy/radio/grilservice_app.te b/radio/grilservice_app.te similarity index 92% rename from legacy/radio/grilservice_app.te rename to radio/grilservice_app.te index 16976c9..2525bab 100644 --- a/legacy/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -3,7 +3,6 @@ app_domain(grilservice_app) allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; diff --git a/legacy/radio/hal_radioext_default.te b/radio/hal_radioext_default.te similarity index 92% rename from legacy/radio/hal_radioext_default.te rename to radio/hal_radioext_default.te index 7bc0e96..6e17e19 100644 --- a/legacy/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -19,7 +19,6 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; # Twoshay binder_use(hal_radioext_default) diff --git a/legacy/radio/hwservice.te b/radio/hwservice.te similarity index 100% rename from legacy/radio/hwservice.te rename to radio/hwservice.te diff --git a/legacy/radio/hwservice_contexts b/radio/hwservice_contexts similarity index 100% rename from legacy/radio/hwservice_contexts rename to radio/hwservice_contexts diff --git a/legacy/radio/hwservicemanager.te b/radio/hwservicemanager.te similarity index 100% rename from legacy/radio/hwservicemanager.te rename to radio/hwservicemanager.te diff --git a/legacy/radio/init.te b/radio/init.te similarity index 100% rename from legacy/radio/init.te rename to radio/init.te diff --git a/legacy/radio/init_radio.te b/radio/init_radio.te similarity index 100% rename from legacy/radio/init_radio.te rename to radio/init_radio.te diff --git a/radio/keys.conf b/radio/keys.conf new file mode 100644 index 0000000..45db97d --- /dev/null +++ b/radio/keys.conf @@ -0,0 +1,3 @@ +[@MDS] +ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem + diff --git a/legacy/radio/logger_app.te b/radio/logger_app.te similarity index 91% rename from legacy/radio/logger_app.te rename to radio/logger_app.te index ab43385..098955d 100644 --- a/legacy/radio/logger_app.te +++ b/radio/logger_app.te @@ -5,9 +5,6 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:file create_file_perms; allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; - allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; - - binder_call(logger_app, rild) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/legacy/radio/mac_permissions.xml b/radio/mac_permissions.xml similarity index 100% rename from legacy/radio/mac_permissions.xml rename to radio/mac_permissions.xml diff --git a/legacy/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te similarity index 100% rename from legacy/radio/modem_diagnostic_app.te rename to radio/modem_diagnostic_app.te diff --git a/legacy/radio/modem_logging_control.te b/radio/modem_logging_control.te similarity index 100% rename from legacy/radio/modem_logging_control.te rename to radio/modem_logging_control.te diff --git a/legacy/radio/modem_ml_svc_sit.te b/radio/modem_ml_svc_sit.te similarity index 100% rename from legacy/radio/modem_ml_svc_sit.te rename to radio/modem_ml_svc_sit.te diff --git a/legacy/radio/modem_svc_sit.te b/radio/modem_svc_sit.te similarity index 100% rename from legacy/radio/modem_svc_sit.te rename to radio/modem_svc_sit.te diff --git a/legacy/radio/oemrilservice_app.te b/radio/oemrilservice_app.te similarity index 100% rename from legacy/radio/oemrilservice_app.te rename to radio/oemrilservice_app.te diff --git a/legacy/radio/private/radio.te b/radio/private/radio.te similarity index 100% rename from legacy/radio/private/radio.te rename to radio/private/radio.te diff --git a/legacy/radio/private/service_contexts b/radio/private/service_contexts similarity index 100% rename from legacy/radio/private/service_contexts rename to radio/private/service_contexts diff --git a/legacy/radio/property.te b/radio/property.te similarity index 100% rename from legacy/radio/property.te rename to radio/property.te diff --git a/legacy/radio/property_contexts b/radio/property_contexts similarity index 100% rename from legacy/radio/property_contexts rename to radio/property_contexts diff --git a/radio/radio.te b/radio/radio.te index 7a75779..221c812 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,2 +1,8 @@ set_prop(radio, telephony_ril_prop) +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; +allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; +allow radio aoc_device:chr_file rw_file_perms; +allow radio hal_audio_ext_hwservice:hwservice_manager find; +binder_call(radio, hal_audio_default) diff --git a/legacy/radio/rfsd.te b/radio/rfsd.te similarity index 100% rename from legacy/radio/rfsd.te rename to radio/rfsd.te diff --git a/legacy/radio/sced.te b/radio/sced.te similarity index 100% rename from legacy/radio/sced.te rename to radio/sced.te diff --git a/legacy/radio/seapp_contexts b/radio/seapp_contexts similarity index 100% rename from legacy/radio/seapp_contexts rename to radio/seapp_contexts diff --git a/legacy/radio/ssr_detector.te b/radio/ssr_detector.te similarity index 100% rename from legacy/radio/ssr_detector.te rename to radio/ssr_detector.te diff --git a/legacy/radio/vcd.te b/radio/vcd.te similarity index 100% rename from legacy/radio/vcd.te rename to radio/vcd.te diff --git a/legacy/radio/vendor_engineermode_app.te b/radio/vendor_engineermode_app.te similarity index 100% rename from legacy/radio/vendor_engineermode_app.te rename to radio/vendor_engineermode_app.te diff --git a/legacy/radio/vendor_ims_app.te b/radio/vendor_ims_app.te similarity index 100% rename from legacy/radio/vendor_ims_app.te rename to radio/vendor_ims_app.te diff --git a/legacy/radio/vendor_ims_remote_app.te b/radio/vendor_ims_remote_app.te similarity index 100% rename from legacy/radio/vendor_ims_remote_app.te rename to radio/vendor_ims_remote_app.te diff --git a/legacy/radio/vendor_init.te b/radio/vendor_init.te similarity index 100% rename from legacy/radio/vendor_init.te rename to radio/vendor_init.te diff --git a/legacy/radio/vendor_qualifiednetworks_app.te b/radio/vendor_qualifiednetworks_app.te similarity index 100% rename from legacy/radio/vendor_qualifiednetworks_app.te rename to radio/vendor_qualifiednetworks_app.te diff --git a/legacy/radio/vendor_rcs_app.te b/radio/vendor_rcs_app.te similarity index 100% rename from legacy/radio/vendor_rcs_app.te rename to radio/vendor_rcs_app.te diff --git a/legacy/radio/vendor_rcs_service_app.te b/radio/vendor_rcs_service_app.te similarity index 100% rename from legacy/radio/vendor_rcs_service_app.te rename to radio/vendor_rcs_service_app.te diff --git a/legacy/radio/vendor_silentlogging_remote_app.te b/radio/vendor_silentlogging_remote_app.te similarity index 100% rename from legacy/radio/vendor_silentlogging_remote_app.te rename to radio/vendor_silentlogging_remote_app.te diff --git a/legacy/radio/vendor_telephony_debug_app.te b/radio/vendor_telephony_debug_app.te similarity index 100% rename from legacy/radio/vendor_telephony_debug_app.te rename to radio/vendor_telephony_debug_app.te diff --git a/legacy/radio/vendor_telephony_silentlogging_app.te b/radio/vendor_telephony_silentlogging_app.te similarity index 100% rename from legacy/radio/vendor_telephony_silentlogging_app.te rename to radio/vendor_telephony_silentlogging_app.te diff --git a/legacy/radio/vendor_telephony_test_app.te b/radio/vendor_telephony_test_app.te similarity index 100% rename from legacy/radio/vendor_telephony_test_app.te rename to radio/vendor_telephony_test_app.te diff --git a/legacy/radio/vold.te b/radio/vold.te similarity index 100% rename from legacy/radio/vold.te rename to radio/vold.te diff --git a/legacy/system_ext/private/platform_app.te b/system_ext/private/platform_app.te similarity index 100% rename from legacy/system_ext/private/platform_app.te rename to system_ext/private/platform_app.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te new file mode 100644 index 0000000..3baf986 --- /dev/null +++ b/tracking_denials/con_monitor_app.te @@ -0,0 +1,36 @@ +# b/261518779 +dontaudit con_monitor_app activity_service:service_manager { find }; +dontaudit con_monitor_app content_capture_service:service_manager { find }; +dontaudit con_monitor_app game_service:service_manager { find }; +dontaudit con_monitor_app netstats_service:service_manager { find }; +dontaudit con_monitor_app system_server:binder { call }; +dontaudit con_monitor_app system_server:binder { transfer }; +dontaudit con_monitor_app system_server:fd { use }; +# b/261783158 +dontaudit con_monitor_app system_file:file { getattr }; +dontaudit con_monitor_app system_file:file { map }; +dontaudit con_monitor_app system_file:file { open }; +dontaudit con_monitor_app system_file:file { read }; +dontaudit con_monitor_app tmpfs:file { execute }; +dontaudit con_monitor_app tmpfs:file { map }; +dontaudit con_monitor_app tmpfs:file { read }; +dontaudit con_monitor_app tmpfs:file { write }; +# b/261933171 +dontaudit con_monitor_app dumpstate:fd { use }; +dontaudit con_monitor_app dumpstate:fifo_file { append }; +dontaudit con_monitor_app dumpstate:fifo_file { write }; +dontaudit con_monitor_app system_server:fifo_file { write }; +dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; +dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; +# b/262455571 +dontaudit con_monitor_app data_file_type:dir { search }; +dontaudit con_monitor_app servicemanager:binder { call }; +dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; +dontaudit con_monitor_app statsdw_socket:sock_file { write }; +dontaudit con_monitor_app system_file:file { execute }; +# b/264489520 +userdebug_or_eng(` + permissive con_monitor_app; +') +# b/267843291 +dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..3313642 --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155496 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te new file mode 100644 index 0000000..4428b68 --- /dev/null +++ b/tracking_denials/fastbootd.te @@ -0,0 +1,4 @@ +# b/264489957 +userdebug_or_eng(` + permissive fastbootd; +') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te new file mode 100644 index 0000000..601c2bb --- /dev/null +++ b/tracking_denials/hal_sensors_default.te @@ -0,0 +1,3 @@ +# b/267260619 +dontaudit hal_sensors_default dumpstate:fd { use }; +dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te new file mode 100644 index 0000000..08db477 --- /dev/null +++ b/tracking_denials/hal_usb_impl.te @@ -0,0 +1,2 @@ +# b/267261163 +dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te new file mode 100644 index 0000000..4bd4489 --- /dev/null +++ b/tracking_denials/incidentd.te @@ -0,0 +1,3 @@ +# b/261933310 +dontaudit incidentd debugfs_wakeup_sources:file { open }; +dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te new file mode 100644 index 0000000..23d091b --- /dev/null +++ b/tracking_denials/kernel.te @@ -0,0 +1,7 @@ +# b/262794429 +dontaudit kernel sepolicy_file:file { getattr }; +dontaudit kernel system_bootstrap_lib_file:dir { getattr }; +dontaudit kernel system_bootstrap_lib_file:file { getattr }; +dontaudit kernel system_dlkm_file:dir { getattr }; +# b/263185161 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/legacy/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te similarity index 100% rename from legacy/tracking_denials/rebalance_interrupts_vendor.te rename to tracking_denials/rebalance_interrupts_vendor.te diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te new file mode 100644 index 0000000..d1c8b73 --- /dev/null +++ b/tracking_denials/ssr_detector_app.te @@ -0,0 +1,6 @@ +# b/261651131 +dontaudit ssr_detector_app system_app_data_file:file { open }; +# b/264489567 +userdebug_or_eng(` + permissive ssr_detector_app; +') \ No newline at end of file diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te new file mode 100644 index 0000000..0de59ee --- /dev/null +++ b/tracking_denials/update_engine.te @@ -0,0 +1,2 @@ +# b/267261048 +dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te new file mode 100644 index 0000000..abfba26 --- /dev/null +++ b/tracking_denials/vendor_init.te @@ -0,0 +1,3 @@ +# b/260366195 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init vendor_init:capability2 { block_suspend }; diff --git a/legacy/vendor/audioserver.te b/vendor/audioserver.te similarity index 100% rename from legacy/vendor/audioserver.te rename to vendor/audioserver.te diff --git a/legacy/vendor/bootanim.te b/vendor/bootanim.te similarity index 100% rename from legacy/vendor/bootanim.te rename to vendor/bootanim.te diff --git a/legacy/vendor/cccdk_timesync_app.te b/vendor/cccdk_timesync_app.te similarity index 77% rename from legacy/vendor/cccdk_timesync_app.te rename to vendor/cccdk_timesync_app.te index 3948edc..f34c5f3 100644 --- a/legacy/vendor/cccdk_timesync_app.te +++ b/vendor/cccdk_timesync_app.te @@ -2,7 +2,6 @@ type vendor_cccdktimesync_app, domain; app_domain(vendor_cccdktimesync_app) allow vendor_cccdktimesync_app app_api_service:service_manager find; -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/legacy/vendor/charger_vendor.te b/vendor/charger_vendor.te similarity index 100% rename from legacy/vendor/charger_vendor.te rename to vendor/charger_vendor.te diff --git a/vendor/chre.te b/vendor/chre.te index ed15009..7c0ad8f 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -1,4 +1,20 @@ +type chre, domain; +type chre_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(chre) + +# Permit communication with AoC +allow chre aoc_device:chr_file rw_file_perms; + +# Allow CHRE to determine AoC's current clock +allow chre sysfs_aoc:dir search; +allow chre sysfs_aoc_boottime:file r_file_perms; + +# Allow CHRE to create thread to watch AOC's device +allow chre device:dir r_dir_perms; + # Allow CHRE to write to data to chre data directory allow chre chre_data_file:dir create_dir_perms; allow chre chre_data_file:file create_file_perms; +# Allow CHRE to use WakeLock +wakelock_use(chre) diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te new file mode 100644 index 0000000..814c5e8 --- /dev/null +++ b/vendor/con_monitor_app.te @@ -0,0 +1,3 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; +app_domain(con_monitor_app); diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te new file mode 100644 index 0000000..44859fe --- /dev/null +++ b/vendor/debug_camera_app.te @@ -0,0 +1,9 @@ +userdebug_or_eng(` + # Allows GCA-Eng & GCA-Next access the GXP device and properties. + allow debug_camera_app gxp_device:chr_file rw_file_perms; + get_prop(debug_camera_app, vendor_gxp_prop) + + # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. + allow debug_camera_app edgetpu_app_service:service_manager find; + allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; +') diff --git a/vendor/device.te b/vendor/device.te index ca6c3ca..044da91 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,3 +1,22 @@ +type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; +type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; +type mfg_data_block_device, dev_type; +type ufs_internal_block_device, dev_type; +type logbuffer_device, dev_type; +type fingerprint_device, dev_type; +type uci_device, dev_type; + # Dmabuf heaps +type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; +type faceauth_heap_device, dmabuf_heap_device_type, dev_type; +type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; +type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; +# SecureElement SPI device +type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; diff --git a/legacy/vendor/domain.te b/vendor/domain.te similarity index 100% rename from legacy/vendor/domain.te rename to vendor/domain.te diff --git a/legacy/vendor/dump_gsa.te b/vendor/dump_gsa.te similarity index 100% rename from legacy/vendor/dump_gsa.te rename to vendor/dump_gsa.te diff --git a/legacy/vendor/dump_power.te b/vendor/dump_power.te similarity index 100% rename from legacy/vendor/dump_power.te rename to vendor/dump_power.te diff --git a/legacy/vendor/dump_wlan.te b/vendor/dump_wlan.te similarity index 100% rename from legacy/vendor/dump_wlan.te rename to vendor/dump_wlan.te diff --git a/legacy/vendor/dumpstate.te b/vendor/dumpstate.te similarity index 100% rename from legacy/vendor/dumpstate.te rename to vendor/dumpstate.te diff --git a/legacy/vendor/e2fs.te b/vendor/e2fs.te similarity index 100% rename from legacy/vendor/e2fs.te rename to vendor/e2fs.te diff --git a/legacy/vendor/euiccpixel_app.te b/vendor/euiccpixel_app.te similarity index 100% rename from legacy/vendor/euiccpixel_app.te rename to vendor/euiccpixel_app.te diff --git a/vendor/file.te b/vendor/file.te index fbeb901..b97b93d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,5 +1,54 @@ -# Faceauth -type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; # Data +type sensor_reg_data_file, file_type, data_file_type; type chre_data_file, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; + +# Faceauth +type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 36e396a..f59fcdd 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,5 +1,32 @@ -# Vendor -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -7,18 +34,109 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 +# Vendor libraries + +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 + +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 + # Devices -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 @@ -26,14 +144,67 @@ /dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 /dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 diff --git a/legacy/vendor/fsck.te b/vendor/fsck.te similarity index 100% rename from legacy/vendor/fsck.te rename to vendor/fsck.te diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a4c9852..1457d67 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,53 +1,542 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + # debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 +# Extcon +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + # Battery -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 # Faceauth genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te new file mode 100644 index 0000000..fd19c05 --- /dev/null +++ b/vendor/google_camera_app.te @@ -0,0 +1,7 @@ +# Allows GCA to acccess the GXP device & properties. +allow google_camera_app gxp_device:chr_file rw_file_perms; +get_prop(google_camera_app, vendor_gxp_prop) + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/legacy/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te similarity index 100% rename from legacy/vendor/hal_bluetooth_btlinux.te rename to vendor/hal_bluetooth_btlinux.te diff --git a/legacy/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te similarity index 77% rename from legacy/vendor/hal_bootctl_default.te rename to vendor/hal_bootctl_default.te index 2ffeb27..2db4651 100644 --- a/legacy/vendor/hal_bootctl_default.te +++ b/vendor/hal_bootctl_default.te @@ -2,7 +2,3 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; allow hal_bootctl_default tee_device:chr_file rw_file_perms; - -recovery_only(` - allow hal_bootctl_default rootfs:dir r_dir_perms; -') diff --git a/legacy/vendor/hal_camera_default.te b/vendor/hal_camera_default.te similarity index 91% rename from legacy/vendor/hal_camera_default.te rename to vendor/hal_camera_default.te index e252b28..35cd7cf 100644 --- a/legacy/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -29,10 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms; allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; allow hal_camera_default vendor_camera_data_file:file create_file_perms; -# Allow the camera hal to access the GXP device. -allow hal_camera_default gxp_device:chr_file rw_file_perms; -get_prop(hal_camera_default, vendor_gxp_prop) - # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; @@ -81,9 +77,6 @@ allow hal_camera_default sysfs_leds:file r_file_perms; allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; binder_call(hal_camera_default, hal_radioext_default); -# Allows camera HAL to access the hw_jpeg /dev/video12. -allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; - # For camera hal to talk with rlsservice allow hal_camera_default rls_service:service_manager find; binder_call(hal_camera_default, rlsservice) @@ -101,6 +94,3 @@ dontaudit hal_camera_default system_data_file:dir { search }; # google3 prebuilts attempt to connect to the wrong trace socket, ignore them. dontaudit hal_camera_default traced:unix_stream_socket { connectto }; dontaudit hal_camera_default traced_producer_socket:sock_file { write }; - -# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes -wakelock_use(hal_camera_default) diff --git a/legacy/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te similarity index 100% rename from legacy/vendor/hal_contexthub_default.te rename to vendor/hal_contexthub_default.te diff --git a/legacy/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te similarity index 91% rename from legacy/vendor/hal_fingerprint_default.te rename to vendor/hal_fingerprint_default.te index b0a8116..6aa57dd 100644 --- a/legacy/vendor/hal_fingerprint_default.te +++ b/vendor/hal_fingerprint_default.te @@ -37,7 +37,3 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; - -# Allow fingerprint to access sysfs_aoc_udfps -allow hal_fingerprint_default sysfs_aoc:dir search; -allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms; diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index 08cd256..b624db1 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -1,2 +1,6 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; - diff --git a/legacy/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te similarity index 100% rename from legacy/vendor/hal_graphics_composer_default.te rename to vendor/hal_graphics_composer_default.te diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te index 033042b..c57ef34 100644 --- a/vendor/hal_health_default.te +++ b/vendor/hal_health_default.te @@ -1 +1,16 @@ +allow hal_health_default mnt_vendor_file:dir search; +allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; + +set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) + +allow hal_health_default fwk_stats_service:service_manager find; + +# Access to /sys/devices/platform/13200000.ufs/* +allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; +allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; + +allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file rw_file_perms; diff --git a/legacy/vendor/hal_memtrack_default.te b/vendor/hal_memtrack_default.te similarity index 100% rename from legacy/vendor/hal_memtrack_default.te rename to vendor/hal_memtrack_default.te diff --git a/legacy/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te similarity index 100% rename from legacy/vendor/hal_nfc_default.te rename to vendor/hal_nfc_default.te diff --git a/legacy/vendor/hal_power_default.te b/vendor/hal_power_default.te similarity index 66% rename from legacy/vendor/hal_power_default.te rename to vendor/hal_power_default.te index 1f0cd3a..bb86aad 100644 --- a/legacy/vendor/hal_power_default.te +++ b/vendor/hal_power_default.te @@ -4,6 +4,4 @@ allow hal_power_default sysfs_camera:file rw_file_perms; allow hal_power_default sysfs_em_profile:file rw_file_perms; allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_trusty:file rw_file_perms; -allow hal_power_default sysfs_ospm:file rw_file_perms; -allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop); +set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file diff --git a/legacy/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te similarity index 94% rename from legacy/vendor/hal_power_stats_default.te rename to vendor/hal_power_stats_default.te index 012debc..2845a0a 100644 --- a/legacy/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -3,7 +3,6 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) -r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm) diff --git a/legacy/vendor/hal_radioext_default.te b/vendor/hal_radioext_default.te similarity index 100% rename from legacy/vendor/hal_radioext_default.te rename to vendor/hal_radioext_default.te diff --git a/legacy/vendor/hal_secure_element_st54spi_aidl.te b/vendor/hal_secure_element_st54spi_aidl.te similarity index 100% rename from legacy/vendor/hal_secure_element_st54spi_aidl.te rename to vendor/hal_secure_element_st54spi_aidl.te diff --git a/legacy/vendor/hal_secure_element_uicc.te b/vendor/hal_secure_element_uicc.te similarity index 100% rename from legacy/vendor/hal_secure_element_uicc.te rename to vendor/hal_secure_element_uicc.te diff --git a/legacy/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te similarity index 91% rename from legacy/vendor/hal_sensors_default.te rename to vendor/hal_sensors_default.te index fe24c8a..b9f6a72 100644 --- a/legacy/vendor/hal_sensors_default.te +++ b/vendor/hal_sensors_default.te @@ -17,9 +17,6 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow sensor HAL to access the display service HAL allow hal_sensors_default hal_pixel_display_service:service_manager find; -# Allow sensor HAL to access the thermal service HAL -hal_client_domain(hal_sensors_default, hal_thermal); - # Allow reading of sensor registry persist files and camera persist files. allow hal_sensors_default mnt_vendor_file:dir search; allow hal_sensors_default persist_file:dir search; @@ -49,9 +46,6 @@ binder_call(hal_sensors_default, system_server); # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) -# Allow access to raw HID devices for dynamic sensors. -allow hal_sensors_default hidraw_device:chr_file rw_file_perms; - # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; diff --git a/legacy/vendor/hal_thermal_default.te b/vendor/hal_thermal_default.te similarity index 100% rename from legacy/vendor/hal_thermal_default.te rename to vendor/hal_thermal_default.te diff --git a/legacy/vendor/hal_usb_gadget_impl.te b/vendor/hal_usb_gadget_impl.te similarity index 100% rename from legacy/vendor/hal_usb_gadget_impl.te rename to vendor/hal_usb_gadget_impl.te diff --git a/legacy/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te similarity index 93% rename from legacy/vendor/hal_usb_impl.te rename to vendor/hal_usb_impl.te index 27d7bdd..15d74c5 100644 --- a/legacy/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -7,7 +7,6 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; -allow hal_usb_impl dumpstate:fd use; # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; diff --git a/legacy/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te similarity index 54% rename from legacy/vendor/hal_uwb_vendor_default.te rename to vendor/hal_uwb_vendor_default.te index ac5d7e7..06a67d0 100644 --- a/legacy/vendor/hal_uwb_vendor_default.te +++ b/vendor/hal_uwb_vendor_default.te @@ -3,7 +3,3 @@ type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default) -allow hal_uwb_default selinuxfs:file r_file_perms; - -allow hal_uwb_default uwb_data_vendor:dir create_dir_perms; -allow hal_uwb_default uwb_data_vendor:file create_file_perms; diff --git a/legacy/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te similarity index 100% rename from legacy/vendor/hal_wifi_ext.te rename to vendor/hal_wifi_ext.te diff --git a/legacy/vendor/hal_wireless_charger.te b/vendor/hal_wireless_charger.te similarity index 100% rename from legacy/vendor/hal_wireless_charger.te rename to vendor/hal_wireless_charger.te diff --git a/legacy/vendor/hwservice.te b/vendor/hwservice.te similarity index 100% rename from legacy/vendor/hwservice.te rename to vendor/hwservice.te diff --git a/legacy/vendor/hwservice_contexts b/vendor/hwservice_contexts similarity index 100% rename from legacy/vendor/hwservice_contexts rename to vendor/hwservice_contexts diff --git a/legacy/vendor/init.te b/vendor/init.te similarity index 100% rename from legacy/vendor/init.te rename to vendor/init.te diff --git a/legacy/vendor/insmod-sh.te b/vendor/insmod-sh.te similarity index 100% rename from legacy/vendor/insmod-sh.te rename to vendor/insmod-sh.te diff --git a/legacy/vendor/installd.te b/vendor/installd.te similarity index 100% rename from legacy/vendor/installd.te rename to vendor/installd.te diff --git a/vendor/kernel.te b/vendor/kernel.te new file mode 100644 index 0000000..0f2e18e --- /dev/null +++ b/vendor/kernel.te @@ -0,0 +1,15 @@ +allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +allow kernel vendor_regmap_debugfs:dir search; diff --git a/legacy/vendor/logd.te b/vendor/logd.te similarity index 100% rename from legacy/vendor/logd.te rename to vendor/logd.te diff --git a/legacy/vendor/mac_permissions.xml b/vendor/mac_permissions.xml similarity index 100% rename from legacy/vendor/mac_permissions.xml rename to vendor/mac_permissions.xml diff --git a/legacy/vendor/mediacodec_google.te b/vendor/mediacodec_google.te similarity index 95% rename from legacy/vendor/mediacodec_google.te rename to vendor/mediacodec_google.te index 3056cf9..1c6413a 100644 --- a/legacy/vendor/mediacodec_google.te +++ b/vendor/mediacodec_google.te @@ -16,7 +16,6 @@ allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file rw_file_perms; allow mediacodec_google gpu_device:chr_file rw_file_perms; -allow mediacodec_google self:global_capability_class_set sys_nice; crash_dump_fallback(mediacodec_google) diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te new file mode 100644 index 0000000..e9c8d78 --- /dev/null +++ b/vendor/pixeldisplayservice_app.te @@ -0,0 +1,2 @@ +allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; +binder_call(pixeldisplayservice_app, hal_graphics_composer_default) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 14824fc..192616b 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,5 +1,28 @@ +# Batery history +allow pixelstats_vendor battery_history_device:chr_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); + #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; + +# PCIe Link Statistics +allow pixelstats_vendor sysfs_pcie:dir search; +allow pixelstats_vendor sysfs_pcie:file rw_file_perms; + +allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; diff --git a/legacy/vendor/platform_app.te b/vendor/platform_app.te similarity index 100% rename from legacy/vendor/platform_app.te rename to vendor/platform_app.te diff --git a/legacy/vendor/property.te b/vendor/property.te similarity index 75% rename from legacy/vendor/property.te rename to vendor/property.te index 814beb2..8ef51a8 100644 --- a/legacy/vendor/property.te +++ b/vendor/property.te @@ -13,9 +13,3 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) - -# ArmNN -vendor_internal_prop(vendor_armnn_config_prop) - -# Gxp properties -system_vendor_config_prop(vendor_gxp_prop) diff --git a/legacy/vendor/property_contexts b/vendor/property_contexts similarity index 78% rename from legacy/vendor/property_contexts rename to vendor/property_contexts index c77827d..8e43946 100644 --- a/legacy/vendor/property_contexts +++ b/vendor/property_contexts @@ -4,7 +4,6 @@ vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # Fingerprint -persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 @@ -21,9 +20,3 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix - -# ArmNN configuration -ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix - -# Gxp -vendor.gxp. u:object_r:vendor_gxp_prop:s0 diff --git a/legacy/vendor/ramdump_app.te b/vendor/ramdump_app.te similarity index 100% rename from legacy/vendor/ramdump_app.te rename to vendor/ramdump_app.te diff --git a/legacy/vendor/recovery.te b/vendor/recovery.te similarity index 100% rename from legacy/vendor/recovery.te rename to vendor/recovery.te diff --git a/legacy/vendor/rlsservice.te b/vendor/rlsservice.te similarity index 100% rename from legacy/vendor/rlsservice.te rename to vendor/rlsservice.te diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts new file mode 100644 index 0000000..ed23ae5 --- /dev/null +++ b/vendor/seapp_contexts @@ -0,0 +1,15 @@ +# Domain for EuiccSupportPixel +user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all + +# coredump/ramdump +user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# Qorvo UWB system app +# TODO(b/222204912): Should this run under uwb user? +user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all + +# CccDkTimeSyncService +user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all diff --git a/legacy/vendor/service.te b/vendor/service.te similarity index 100% rename from legacy/vendor/service.te rename to vendor/service.te diff --git a/legacy/vendor/service_contexts b/vendor/service_contexts similarity index 100% rename from legacy/vendor/service_contexts rename to vendor/service_contexts diff --git a/legacy/vendor/shell.te b/vendor/shell.te similarity index 100% rename from legacy/vendor/shell.te rename to vendor/shell.te diff --git a/legacy/vendor/surfaceflinger.te b/vendor/surfaceflinger.te similarity index 100% rename from legacy/vendor/surfaceflinger.te rename to vendor/surfaceflinger.te diff --git a/legacy/vendor/system_app.te b/vendor/system_app.te similarity index 100% rename from legacy/vendor/system_app.te rename to vendor/system_app.te diff --git a/legacy/vendor/system_server.te b/vendor/system_server.te similarity index 82% rename from legacy/vendor/system_server.te rename to vendor/system_server.te index de29de3..853e3cf 100644 --- a/legacy/vendor/system_server.te +++ b/vendor/system_server.te @@ -1,6 +1,5 @@ # Allow system server to send sensor data callbacks to GPS binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); -binder_call(system_server, con_monitor_app); allow system_server arm_mali_platform_service:service_manager find; diff --git a/legacy/vendor/systemui_app.te b/vendor/systemui_app.te similarity index 100% rename from legacy/vendor/systemui_app.te rename to vendor/systemui_app.te diff --git a/legacy/vendor/tcpdump_logger.te b/vendor/tcpdump_logger.te similarity index 100% rename from legacy/vendor/tcpdump_logger.te rename to vendor/tcpdump_logger.te diff --git a/legacy/vendor/tee.te b/vendor/tee.te similarity index 100% rename from legacy/vendor/tee.te rename to vendor/tee.te diff --git a/legacy/vendor/toolbox.te b/vendor/toolbox.te similarity index 100% rename from legacy/vendor/toolbox.te rename to vendor/toolbox.te diff --git a/legacy/vendor/trusty_apploader.te b/vendor/trusty_apploader.te similarity index 100% rename from legacy/vendor/trusty_apploader.te rename to vendor/trusty_apploader.te diff --git a/legacy/vendor/trusty_metricsd.te b/vendor/trusty_metricsd.te similarity index 100% rename from legacy/vendor/trusty_metricsd.te rename to vendor/trusty_metricsd.te diff --git a/legacy/vendor/twoshay.te b/vendor/twoshay.te similarity index 100% rename from legacy/vendor/twoshay.te rename to vendor/twoshay.te diff --git a/legacy/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te similarity index 100% rename from legacy/vendor/ufs_firmware_update.te rename to vendor/ufs_firmware_update.te diff --git a/legacy/vendor/update_engine.te b/vendor/update_engine.te similarity index 74% rename from legacy/vendor/update_engine.te rename to vendor/update_engine.te index a403d9e..fb59e4b 100644 --- a/legacy/vendor/update_engine.te +++ b/vendor/update_engine.te @@ -1,3 +1,4 @@ allow update_engine custom_ab_block_device:blk_file rw_file_perms; +allow update_engine dtbo_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms; allow update_engine proc_bootconfig:file r_file_perms; diff --git a/legacy/vendor/uwb_vendor_app.te b/vendor/uwb_vendor_app.te similarity index 100% rename from legacy/vendor/uwb_vendor_app.te rename to vendor/uwb_vendor_app.te diff --git a/legacy/vendor/vendor_init.te b/vendor/vendor_init.te similarity index 84% rename from legacy/vendor/vendor_init.te rename to vendor/vendor_init.te index 3abf696..2071850 100644 --- a/legacy/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -11,9 +11,6 @@ allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; -# Allow for checking NSP permissions -allow vendor_init tee_data_file:lnk_file read; - userdebug_or_eng(` allow vendor_init vendor_init:lockdown { integrity }; ') @@ -29,16 +26,9 @@ set_prop(vendor_init, vendor_secure_element_prop) # USB property set_prop(vendor_init, vendor_usb_config_prop) -set_prop(vendor_init, vendor_ssrdump_prop) - # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) - -# ArmNN -set_prop(vendor_init, vendor_armnn_config_prop) +set_prop(vendor_init, vendor_ssrdump_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; - -# Gxp -set_prop(vendor_init, vendor_gxp_prop) diff --git a/legacy/vendor/vendor_uwb_init.te b/vendor/vendor_uwb_init.te similarity index 53% rename from legacy/vendor/vendor_uwb_init.te rename to vendor/vendor_uwb_init.te index 9008238..5216019 100644 --- a/legacy/vendor/vendor_uwb_init.te +++ b/vendor/vendor_uwb_init.te @@ -2,6 +2,3 @@ type vendor_uwb_init, domain; type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_uwb_init) - -allow vendor_uwb_init uwb_data_vendor:file create_file_perms; -allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms; diff --git a/legacy/vendor/vndservice.te b/vendor/vndservice.te similarity index 100% rename from legacy/vendor/vndservice.te rename to vendor/vndservice.te diff --git a/legacy/vendor/vndservice_contexts b/vendor/vndservice_contexts similarity index 100% rename from legacy/vendor/vndservice_contexts rename to vendor/vndservice_contexts diff --git a/legacy/vendor/wifi_sniffer.te b/vendor/wifi_sniffer.te similarity index 100% rename from legacy/vendor/wifi_sniffer.te rename to vendor/wifi_sniffer.te diff --git a/legacy/widevine/file.te b/widevine/file.te similarity index 100% rename from legacy/widevine/file.te rename to widevine/file.te diff --git a/legacy/widevine/file_contexts b/widevine/file_contexts similarity index 100% rename from legacy/widevine/file_contexts rename to widevine/file_contexts diff --git a/legacy/widevine/hal_drm_clearkey.te b/widevine/hal_drm_clearkey.te similarity index 100% rename from legacy/widevine/hal_drm_clearkey.te rename to widevine/hal_drm_clearkey.te diff --git a/legacy/widevine/hal_drm_widevine.te b/widevine/hal_drm_widevine.te similarity index 100% rename from legacy/widevine/hal_drm_widevine.te rename to widevine/hal_drm_widevine.te diff --git a/legacy/widevine/service_contexts b/widevine/service_contexts similarity index 100% rename from legacy/widevine/service_contexts rename to widevine/service_contexts diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index 66c4d34..f202935 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -17,15 +17,8 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/pr BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats # To be reviewed and removed. -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/whitechapel_pro -PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/private -SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/public -SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/private -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/vendor -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio -PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio/private -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/tracking_denials -PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/public +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private + From a9972cfbde98a63604014e331c442606b4012690 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 23 Aug 2023 16:16:36 +0800 Subject: [PATCH 040/321] Remove camera duplicate config Bug: 296187211 Test: make selinux_policy Merged-In: I030b4f5c59383478355ac2cee8363f45c8101041 Change-Id: I105f5b282c29874b4fb6595fc808f5ae033e75d3 --- legacy/vendor/debug_camera_app.te | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te index 37a19ec..16fb321 100644 --- a/legacy/vendor/debug_camera_app.te +++ b/legacy/vendor/debug_camera_app.te @@ -1,14 +1,5 @@ userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; @@ -18,9 +9,6 @@ userdebug_or_eng(` allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) - # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; ') From 9bd666007d59b2fa9654eca74c204dd60f26cd9c Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 23 Aug 2023 17:57:50 +0800 Subject: [PATCH 041/321] Revert^2 commit 2c99c990d366898f9766533c3cdf3858b7e2a70b" This reverts commit 5d2c755531412151c273a22ee96073e9ddb09022. Bug: 297129706 Change-Id: Ia8301a139559e8abf119a0964d7a06914aacf55e --- legacy/OWNERS | 3 + legacy/{ => legacy}/private/property_contexts | 0 .../system_ext/private/property_contexts | 2 + legacy/legacy/system_ext/public/property.te | 2 + .../{ => legacy}/whitechapel_pro/attributes | 0 .../certs/EuiccSupportPixel.x509.pem | 0 .../certs/com_qorvo_uwb.x509.pem | 0 legacy/{ => legacy}/whitechapel_pro/device.te | 3 - legacy/{ => legacy}/whitechapel_pro/file.te | 3 - .../whitechapel_pro/file_contexts | 5 - .../whitechapel_pro/genfs_contexts | 0 .../hal_input_processor_default.te | 0 legacy/legacy/whitechapel_pro/keys.conf | 5 + .../whitechapel_pro/mac_permissions.xml | 0 .../{ => legacy}/whitechapel_pro/property.te | 0 .../whitechapel_pro/property_contexts | 0 .../{ => legacy}/whitechapel_pro/service.te | 0 .../whitechapel_pro/service_contexts | 0 legacy/{ => legacy}/whitechapel_pro/te_macros | 0 .../whitechapel_pro/vndservice.te | 0 .../whitechapel_pro/vndservice_contexts | 0 {private => legacy/private}/vendor_init.te | 0 {radio => legacy/radio}/bipchmgr.te | 0 .../radio}/cat_engine_service_app.te | 0 {radio => legacy/radio}/cbd.te | 0 {radio => legacy/radio}/cbrs_setup.te | 0 .../radio}/certs/com_google_mds.x509.pem | 0 {radio => legacy/radio}/device.te | 0 {radio => legacy/radio}/dmd.te | 0 {radio => legacy/radio}/file.te | 0 {radio => legacy/radio}/file_contexts | 0 {radio => legacy/radio}/fsck.te | 0 {radio => legacy/radio}/genfs_contexts | 5 +- {radio => legacy/radio}/gpsd.te | 0 {radio => legacy/radio}/grilservice_app.te | 1 + .../radio}/hal_radioext_default.te | 1 + {radio => legacy/radio}/hwservice.te | 0 {radio => legacy/radio}/hwservice_contexts | 0 {radio => legacy/radio}/hwservicemanager.te | 0 {radio => legacy/radio}/init.te | 0 {radio => legacy/radio}/init_radio.te | 0 legacy/radio/keys.conf | 3 + {radio => legacy/radio}/logger_app.te | 3 + {radio => legacy/radio}/mac_permissions.xml | 0 .../radio}/modem_diagnostic_app.te | 0 .../radio}/modem_logging_control.te | 0 {radio => legacy/radio}/modem_ml_svc_sit.te | 0 {radio => legacy/radio}/modem_svc_sit.te | 0 {radio => legacy/radio}/oemrilservice_app.te | 0 {radio => legacy/radio}/private/radio.te | 0 .../radio}/private/service_contexts | 0 {radio => legacy/radio}/property.te | 0 {radio => legacy/radio}/property_contexts | 0 legacy/radio/radio.te | 8 + {radio => legacy/radio}/rfsd.te | 0 legacy/radio/rild.te | 42 ++ {radio => legacy/radio}/sced.te | 0 {radio => legacy/radio}/seapp_contexts | 0 {radio => legacy/radio}/ssr_detector.te | 0 {radio => legacy/radio}/vcd.te | 0 .../radio}/vendor_engineermode_app.te | 0 {radio => legacy/radio}/vendor_ims_app.te | 0 .../radio}/vendor_ims_remote_app.te | 0 {radio => legacy/radio}/vendor_init.te | 0 .../radio}/vendor_qualifiednetworks_app.te | 0 {radio => legacy/radio}/vendor_rcs_app.te | 0 .../radio}/vendor_rcs_service_app.te | 0 .../radio}/vendor_silentlogging_remote_app.te | 0 .../radio}/vendor_telephony_debug_app.te | 0 .../vendor_telephony_silentlogging_app.te | 0 .../radio}/vendor_telephony_test_app.te | 0 {radio => legacy/radio}/vold.te | 0 .../system_ext}/private/platform_app.te | 0 legacy/system_ext/private/property_contexts | 2 - legacy/system_ext/private/seapp_contexts | 0 legacy/system_ext/private/systemui_app.te | 20 + legacy/system_ext/public/property.te | 6 +- legacy/system_ext/public/systemui_app.te | 0 legacy/tracking_denials/README.txt | 2 + legacy/tracking_denials/bug_map | 10 + legacy/tracking_denials/kernel.te | 2 + .../rebalance_interrupts_vendor.te | 0 {vendor => legacy/vendor}/audioserver.te | 0 {vendor => legacy/vendor}/bootanim.te | 0 .../vendor}/cccdk_timesync_app.te | 3 +- legacy/vendor/certs/app.x509.pem | 27 + legacy/vendor/certs/camera_eng.x509.pem | 17 + legacy/vendor/certs/camera_fishfood.x509.pem | 15 + ...ogle_android_apps_camera_services.x509.pem | 30 + {vendor => legacy/vendor}/charger_vendor.te | 0 legacy/vendor/chre.te | 16 + legacy/vendor/con_monitor_app.te | 12 + legacy/vendor/debug_camera_app.te | 26 + legacy/vendor/device.te | 29 + .../disable-contaminant-detection-sh.te | 7 + {vendor => legacy/vendor}/domain.te | 0 legacy/vendor/dump_cma.te | 7 + {vendor => legacy/vendor}/dump_gsa.te | 0 {vendor => legacy/vendor}/dump_power.te | 0 {vendor => legacy/vendor}/dump_wlan.te | 0 {vendor => legacy/vendor}/dumpstate.te | 0 {vendor => legacy/vendor}/e2fs.te | 0 {vendor => legacy/vendor}/euiccpixel_app.te | 0 legacy/vendor/fastbootd.te | 6 + legacy/vendor/file.te | 57 ++ legacy/vendor/file_contexts | 181 ++++++ {vendor => legacy/vendor}/fsck.te | 0 legacy/vendor/genfs_contexts | 501 ++++++++++++++++ legacy/vendor/google_camera_app.te | 23 + legacy/vendor/gxp_logging.te | 22 + .../vendor}/hal_bluetooth_btlinux.te | 0 .../vendor}/hal_bootctl_default.te | 4 + .../vendor}/hal_camera_default.te | 10 + .../vendor}/hal_contexthub_default.te | 0 .../vendor}/hal_fingerprint_default.te | 4 + .../vendor/hal_graphics_allocator_default.te | 6 + .../vendor}/hal_graphics_composer_default.te | 0 legacy/vendor/hal_health_default.te | 16 + .../vendor}/hal_memtrack_default.te | 0 {vendor => legacy/vendor}/hal_nfc_default.te | 0 .../vendor}/hal_power_default.te | 4 +- .../vendor}/hal_power_stats_default.te | 1 + .../vendor}/hal_radioext_default.te | 0 .../hal_secure_element_st54spi_aidl.te | 0 .../vendor}/hal_secure_element_uicc.te | 0 .../vendor}/hal_sensors_default.te | 6 + .../vendor}/hal_thermal_default.te | 0 .../vendor}/hal_usb_gadget_impl.te | 0 {vendor => legacy/vendor}/hal_usb_impl.te | 1 + .../vendor}/hal_uwb_vendor_default.te | 4 + {vendor => legacy/vendor}/hal_wifi_ext.te | 0 .../vendor}/hal_wireless_charger.te | 0 {vendor => legacy/vendor}/hwservice.te | 0 {vendor => legacy/vendor}/hwservice_contexts | 0 {vendor => legacy/vendor}/init.te | 0 {vendor => legacy/vendor}/insmod-sh.te | 0 {vendor => legacy/vendor}/installd.te | 0 legacy/vendor/kernel.te | 24 + {vendor => legacy/vendor}/logd.te | 0 {vendor => legacy/vendor}/mac_permissions.xml | 0 .../vendor}/mediacodec_google.te | 1 + legacy/vendor/pixeldisplayservice_app.te | 11 + legacy/vendor/pixelstats_vendor.te | 35 ++ {vendor => legacy/vendor}/platform_app.te | 0 {vendor => legacy/vendor}/property.te | 6 + {vendor => legacy/vendor}/property_contexts | 7 + {vendor => legacy/vendor}/ramdump_app.te | 0 {vendor => legacy/vendor}/recovery.te | 0 {vendor => legacy/vendor}/rlsservice.te | 0 legacy/vendor/seapp_contexts | 31 + {vendor => legacy/vendor}/service.te | 0 {vendor => legacy/vendor}/service_contexts | 0 {vendor => legacy/vendor}/shell.te | 0 {vendor => legacy/vendor}/surfaceflinger.te | 0 {vendor => legacy/vendor}/system_app.te | 0 {vendor => legacy/vendor}/system_server.te | 1 + {vendor => legacy/vendor}/systemui_app.te | 0 {vendor => legacy/vendor}/tcpdump_logger.te | 0 {vendor => legacy/vendor}/tee.te | 0 {vendor => legacy/vendor}/toolbox.te | 0 {vendor => legacy/vendor}/trusty_apploader.te | 0 {vendor => legacy/vendor}/trusty_metricsd.te | 0 {vendor => legacy/vendor}/twoshay.te | 0 .../vendor}/ufs_firmware_update.te | 0 {vendor => legacy/vendor}/update_engine.te | 1 - {vendor => legacy/vendor}/uwb_vendor_app.te | 0 {vendor => legacy/vendor}/vendor_init.te | 12 +- {vendor => legacy/vendor}/vendor_uwb_init.te | 3 + {vendor => legacy/vendor}/vndservice.te | 0 {vendor => legacy/vendor}/vndservice_contexts | 0 {vendor => legacy/vendor}/wifi_sniffer.te | 0 legacy/whitechapel_pro/keys.conf | 5 - {widevine => legacy/widevine}/file.te | 0 {widevine => legacy/widevine}/file_contexts | 0 .../widevine}/hal_drm_clearkey.te | 0 .../widevine}/hal_drm_widevine.te | 0 .../widevine}/service_contexts | 0 radio/keys.conf | 3 - radio/radio.te | 6 - tracking_denials/con_monitor_app.te | 36 -- tracking_denials/dumpstate.te | 2 - tracking_denials/fastbootd.te | 4 - tracking_denials/hal_sensors_default.te | 3 - tracking_denials/hal_usb_impl.te | 2 - tracking_denials/incidentd.te | 3 - tracking_denials/kernel.te | 7 - tracking_denials/ssr_detector_app.te | 6 - tracking_denials/update_engine.te | 2 - tracking_denials/vendor_init.te | 3 - vendor/chre.te | 16 - vendor/con_monitor_app.te | 3 - vendor/debug_camera_app.te | 9 - vendor/device.te | 19 - vendor/file.te | 55 +- vendor/file_contexts | 179 +----- vendor/genfs_contexts | 563 ++---------------- vendor/google_camera_app.te | 7 - vendor/hal_graphics_allocator_default.te | 6 +- vendor/hal_health_default.te | 15 - vendor/kernel.te | 15 - vendor/pixeldisplayservice_app.te | 2 - vendor/pixelstats_vendor.te | 23 - vendor/seapp_contexts | 15 - zumapro-sepolicy.mk | 11 +- 204 files changed, 1326 insertions(+), 989 deletions(-) create mode 100644 legacy/OWNERS rename legacy/{ => legacy}/private/property_contexts (100%) create mode 100644 legacy/legacy/system_ext/private/property_contexts create mode 100644 legacy/legacy/system_ext/public/property.te rename legacy/{ => legacy}/whitechapel_pro/attributes (100%) rename legacy/{ => legacy}/whitechapel_pro/certs/EuiccSupportPixel.x509.pem (100%) rename legacy/{ => legacy}/whitechapel_pro/certs/com_qorvo_uwb.x509.pem (100%) rename legacy/{ => legacy}/whitechapel_pro/device.te (70%) rename legacy/{ => legacy}/whitechapel_pro/file.te (82%) rename legacy/{ => legacy}/whitechapel_pro/file_contexts (93%) rename legacy/{ => legacy}/whitechapel_pro/genfs_contexts (100%) rename legacy/{ => legacy}/whitechapel_pro/hal_input_processor_default.te (100%) create mode 100644 legacy/legacy/whitechapel_pro/keys.conf rename legacy/{ => legacy}/whitechapel_pro/mac_permissions.xml (100%) rename legacy/{ => legacy}/whitechapel_pro/property.te (100%) rename legacy/{ => legacy}/whitechapel_pro/property_contexts (100%) rename legacy/{ => legacy}/whitechapel_pro/service.te (100%) rename legacy/{ => legacy}/whitechapel_pro/service_contexts (100%) rename legacy/{ => legacy}/whitechapel_pro/te_macros (100%) rename legacy/{ => legacy}/whitechapel_pro/vndservice.te (100%) rename legacy/{ => legacy}/whitechapel_pro/vndservice_contexts (100%) rename {private => legacy/private}/vendor_init.te (100%) rename {radio => legacy/radio}/bipchmgr.te (100%) rename {radio => legacy/radio}/cat_engine_service_app.te (100%) rename {radio => legacy/radio}/cbd.te (100%) rename {radio => legacy/radio}/cbrs_setup.te (100%) rename {radio => legacy/radio}/certs/com_google_mds.x509.pem (100%) rename {radio => legacy/radio}/device.te (100%) rename {radio => legacy/radio}/dmd.te (100%) rename {radio => legacy/radio}/file.te (100%) rename {radio => legacy/radio}/file_contexts (100%) rename {radio => legacy/radio}/fsck.te (100%) rename {radio => legacy/radio}/genfs_contexts (63%) rename {radio => legacy/radio}/gpsd.te (100%) rename {radio => legacy/radio}/grilservice_app.te (92%) rename {radio => legacy/radio}/hal_radioext_default.te (92%) rename {radio => legacy/radio}/hwservice.te (100%) rename {radio => legacy/radio}/hwservice_contexts (100%) rename {radio => legacy/radio}/hwservicemanager.te (100%) rename {radio => legacy/radio}/init.te (100%) rename {radio => legacy/radio}/init_radio.te (100%) create mode 100644 legacy/radio/keys.conf rename {radio => legacy/radio}/logger_app.te (91%) rename {radio => legacy/radio}/mac_permissions.xml (100%) rename {radio => legacy/radio}/modem_diagnostic_app.te (100%) rename {radio => legacy/radio}/modem_logging_control.te (100%) rename {radio => legacy/radio}/modem_ml_svc_sit.te (100%) rename {radio => legacy/radio}/modem_svc_sit.te (100%) rename {radio => legacy/radio}/oemrilservice_app.te (100%) rename {radio => legacy/radio}/private/radio.te (100%) rename {radio => legacy/radio}/private/service_contexts (100%) rename {radio => legacy/radio}/property.te (100%) rename {radio => legacy/radio}/property_contexts (100%) create mode 100644 legacy/radio/radio.te rename {radio => legacy/radio}/rfsd.te (100%) create mode 100644 legacy/radio/rild.te rename {radio => legacy/radio}/sced.te (100%) rename {radio => legacy/radio}/seapp_contexts (100%) rename {radio => legacy/radio}/ssr_detector.te (100%) rename {radio => legacy/radio}/vcd.te (100%) rename {radio => legacy/radio}/vendor_engineermode_app.te (100%) rename {radio => legacy/radio}/vendor_ims_app.te (100%) rename {radio => legacy/radio}/vendor_ims_remote_app.te (100%) rename {radio => legacy/radio}/vendor_init.te (100%) rename {radio => legacy/radio}/vendor_qualifiednetworks_app.te (100%) rename {radio => legacy/radio}/vendor_rcs_app.te (100%) rename {radio => legacy/radio}/vendor_rcs_service_app.te (100%) rename {radio => legacy/radio}/vendor_silentlogging_remote_app.te (100%) rename {radio => legacy/radio}/vendor_telephony_debug_app.te (100%) rename {radio => legacy/radio}/vendor_telephony_silentlogging_app.te (100%) rename {radio => legacy/radio}/vendor_telephony_test_app.te (100%) rename {radio => legacy/radio}/vold.te (100%) rename {system_ext => legacy/system_ext}/private/platform_app.te (100%) create mode 100644 legacy/system_ext/private/seapp_contexts create mode 100644 legacy/system_ext/private/systemui_app.te create mode 100644 legacy/system_ext/public/systemui_app.te create mode 100644 legacy/tracking_denials/README.txt create mode 100644 legacy/tracking_denials/bug_map create mode 100644 legacy/tracking_denials/kernel.te rename {tracking_denials => legacy/tracking_denials}/rebalance_interrupts_vendor.te (100%) rename {vendor => legacy/vendor}/audioserver.te (100%) rename {vendor => legacy/vendor}/bootanim.te (100%) rename {vendor => legacy/vendor}/cccdk_timesync_app.te (77%) create mode 100644 legacy/vendor/certs/app.x509.pem create mode 100644 legacy/vendor/certs/camera_eng.x509.pem create mode 100644 legacy/vendor/certs/camera_fishfood.x509.pem create mode 100644 legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem rename {vendor => legacy/vendor}/charger_vendor.te (100%) create mode 100644 legacy/vendor/chre.te create mode 100644 legacy/vendor/con_monitor_app.te create mode 100644 legacy/vendor/debug_camera_app.te create mode 100644 legacy/vendor/device.te create mode 100644 legacy/vendor/disable-contaminant-detection-sh.te rename {vendor => legacy/vendor}/domain.te (100%) create mode 100644 legacy/vendor/dump_cma.te rename {vendor => legacy/vendor}/dump_gsa.te (100%) rename {vendor => legacy/vendor}/dump_power.te (100%) rename {vendor => legacy/vendor}/dump_wlan.te (100%) rename {vendor => legacy/vendor}/dumpstate.te (100%) rename {vendor => legacy/vendor}/e2fs.te (100%) rename {vendor => legacy/vendor}/euiccpixel_app.te (100%) create mode 100644 legacy/vendor/fastbootd.te create mode 100644 legacy/vendor/file.te create mode 100644 legacy/vendor/file_contexts rename {vendor => legacy/vendor}/fsck.te (100%) create mode 100644 legacy/vendor/genfs_contexts create mode 100644 legacy/vendor/google_camera_app.te create mode 100644 legacy/vendor/gxp_logging.te rename {vendor => legacy/vendor}/hal_bluetooth_btlinux.te (100%) rename {vendor => legacy/vendor}/hal_bootctl_default.te (77%) rename {vendor => legacy/vendor}/hal_camera_default.te (91%) rename {vendor => legacy/vendor}/hal_contexthub_default.te (100%) rename {vendor => legacy/vendor}/hal_fingerprint_default.te (91%) create mode 100644 legacy/vendor/hal_graphics_allocator_default.te rename {vendor => legacy/vendor}/hal_graphics_composer_default.te (100%) create mode 100644 legacy/vendor/hal_health_default.te rename {vendor => legacy/vendor}/hal_memtrack_default.te (100%) rename {vendor => legacy/vendor}/hal_nfc_default.te (100%) rename {vendor => legacy/vendor}/hal_power_default.te (66%) rename {vendor => legacy/vendor}/hal_power_stats_default.te (94%) rename {vendor => legacy/vendor}/hal_radioext_default.te (100%) rename {vendor => legacy/vendor}/hal_secure_element_st54spi_aidl.te (100%) rename {vendor => legacy/vendor}/hal_secure_element_uicc.te (100%) rename {vendor => legacy/vendor}/hal_sensors_default.te (91%) rename {vendor => legacy/vendor}/hal_thermal_default.te (100%) rename {vendor => legacy/vendor}/hal_usb_gadget_impl.te (100%) rename {vendor => legacy/vendor}/hal_usb_impl.te (93%) rename {vendor => legacy/vendor}/hal_uwb_vendor_default.te (54%) rename {vendor => legacy/vendor}/hal_wifi_ext.te (100%) rename {vendor => legacy/vendor}/hal_wireless_charger.te (100%) rename {vendor => legacy/vendor}/hwservice.te (100%) rename {vendor => legacy/vendor}/hwservice_contexts (100%) rename {vendor => legacy/vendor}/init.te (100%) rename {vendor => legacy/vendor}/insmod-sh.te (100%) rename {vendor => legacy/vendor}/installd.te (100%) create mode 100644 legacy/vendor/kernel.te rename {vendor => legacy/vendor}/logd.te (100%) rename {vendor => legacy/vendor}/mac_permissions.xml (100%) rename {vendor => legacy/vendor}/mediacodec_google.te (95%) create mode 100644 legacy/vendor/pixeldisplayservice_app.te create mode 100644 legacy/vendor/pixelstats_vendor.te rename {vendor => legacy/vendor}/platform_app.te (100%) rename {vendor => legacy/vendor}/property.te (75%) rename {vendor => legacy/vendor}/property_contexts (78%) rename {vendor => legacy/vendor}/ramdump_app.te (100%) rename {vendor => legacy/vendor}/recovery.te (100%) rename {vendor => legacy/vendor}/rlsservice.te (100%) create mode 100644 legacy/vendor/seapp_contexts rename {vendor => legacy/vendor}/service.te (100%) rename {vendor => legacy/vendor}/service_contexts (100%) rename {vendor => legacy/vendor}/shell.te (100%) rename {vendor => legacy/vendor}/surfaceflinger.te (100%) rename {vendor => legacy/vendor}/system_app.te (100%) rename {vendor => legacy/vendor}/system_server.te (82%) rename {vendor => legacy/vendor}/systemui_app.te (100%) rename {vendor => legacy/vendor}/tcpdump_logger.te (100%) rename {vendor => legacy/vendor}/tee.te (100%) rename {vendor => legacy/vendor}/toolbox.te (100%) rename {vendor => legacy/vendor}/trusty_apploader.te (100%) rename {vendor => legacy/vendor}/trusty_metricsd.te (100%) rename {vendor => legacy/vendor}/twoshay.te (100%) rename {vendor => legacy/vendor}/ufs_firmware_update.te (100%) rename {vendor => legacy/vendor}/update_engine.te (74%) rename {vendor => legacy/vendor}/uwb_vendor_app.te (100%) rename {vendor => legacy/vendor}/vendor_init.te (84%) rename {vendor => legacy/vendor}/vendor_uwb_init.te (53%) rename {vendor => legacy/vendor}/vndservice.te (100%) rename {vendor => legacy/vendor}/vndservice_contexts (100%) rename {vendor => legacy/vendor}/wifi_sniffer.te (100%) delete mode 100644 legacy/whitechapel_pro/keys.conf rename {widevine => legacy/widevine}/file.te (100%) rename {widevine => legacy/widevine}/file_contexts (100%) rename {widevine => legacy/widevine}/hal_drm_clearkey.te (100%) rename {widevine => legacy/widevine}/hal_drm_widevine.te (100%) rename {widevine => legacy/widevine}/service_contexts (100%) delete mode 100644 radio/keys.conf delete mode 100644 tracking_denials/con_monitor_app.te delete mode 100644 tracking_denials/dumpstate.te delete mode 100644 tracking_denials/fastbootd.te delete mode 100644 tracking_denials/hal_sensors_default.te delete mode 100644 tracking_denials/hal_usb_impl.te delete mode 100644 tracking_denials/incidentd.te delete mode 100644 tracking_denials/kernel.te delete mode 100644 tracking_denials/ssr_detector_app.te delete mode 100644 tracking_denials/update_engine.te delete mode 100644 tracking_denials/vendor_init.te delete mode 100644 vendor/con_monitor_app.te delete mode 100644 vendor/debug_camera_app.te delete mode 100644 vendor/google_camera_app.te delete mode 100644 vendor/kernel.te delete mode 100644 vendor/pixeldisplayservice_app.te delete mode 100644 vendor/seapp_contexts diff --git a/legacy/OWNERS b/legacy/OWNERS new file mode 100644 index 0000000..791abb4 --- /dev/null +++ b/legacy/OWNERS @@ -0,0 +1,3 @@ +include platform/system/sepolicy:/OWNERS + +rurumihong@google.com diff --git a/legacy/private/property_contexts b/legacy/legacy/private/property_contexts similarity index 100% rename from legacy/private/property_contexts rename to legacy/legacy/private/property_contexts diff --git a/legacy/legacy/system_ext/private/property_contexts b/legacy/legacy/system_ext/private/property_contexts new file mode 100644 index 0000000..9f462bd --- /dev/null +++ b/legacy/legacy/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/legacy/system_ext/public/property.te b/legacy/legacy/system_ext/public/property.te new file mode 100644 index 0000000..8908e48 --- /dev/null +++ b/legacy/legacy/system_ext/public/property.te @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/whitechapel_pro/attributes b/legacy/legacy/whitechapel_pro/attributes similarity index 100% rename from legacy/whitechapel_pro/attributes rename to legacy/legacy/whitechapel_pro/attributes diff --git a/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem similarity index 100% rename from legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem rename to legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem similarity index 100% rename from legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem rename to legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem diff --git a/legacy/whitechapel_pro/device.te b/legacy/legacy/whitechapel_pro/device.te similarity index 70% rename from legacy/whitechapel_pro/device.te rename to legacy/legacy/whitechapel_pro/device.te index bf6f21c..7d31940 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/legacy/whitechapel_pro/device.te @@ -2,6 +2,3 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/whitechapel_pro/file.te b/legacy/legacy/whitechapel_pro/file.te similarity index 82% rename from legacy/whitechapel_pro/file.te rename to legacy/legacy/whitechapel_pro/file.te index 23d748b..f59a80b 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/legacy/whitechapel_pro/file.te @@ -2,8 +2,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; -type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; -type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; @@ -19,7 +17,6 @@ type vendor_regmap_debugfs, fs_type, debugfs_type; # persist type persist_ss_file, file_type, vendor_persist_type; -type persist_uwb_file, file_type, vendor_persist_type; # Storage Health HAL type proc_f2fs, proc_type, fs_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/legacy/whitechapel_pro/file_contexts similarity index 93% rename from legacy/whitechapel_pro/file_contexts rename to legacy/legacy/whitechapel_pro/file_contexts index a9901c0..3ee41cd 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/legacy/whitechapel_pro/file_contexts @@ -41,13 +41,8 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 -/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/legacy/whitechapel_pro/genfs_contexts similarity index 100% rename from legacy/whitechapel_pro/genfs_contexts rename to legacy/legacy/whitechapel_pro/genfs_contexts diff --git a/legacy/whitechapel_pro/hal_input_processor_default.te b/legacy/legacy/whitechapel_pro/hal_input_processor_default.te similarity index 100% rename from legacy/whitechapel_pro/hal_input_processor_default.te rename to legacy/legacy/whitechapel_pro/hal_input_processor_default.te diff --git a/legacy/legacy/whitechapel_pro/keys.conf b/legacy/legacy/whitechapel_pro/keys.conf new file mode 100644 index 0000000..acc82e4 --- /dev/null +++ b/legacy/legacy/whitechapel_pro/keys.conf @@ -0,0 +1,5 @@ +[@UWB] +ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/whitechapel_pro/mac_permissions.xml b/legacy/legacy/whitechapel_pro/mac_permissions.xml similarity index 100% rename from legacy/whitechapel_pro/mac_permissions.xml rename to legacy/legacy/whitechapel_pro/mac_permissions.xml diff --git a/legacy/whitechapel_pro/property.te b/legacy/legacy/whitechapel_pro/property.te similarity index 100% rename from legacy/whitechapel_pro/property.te rename to legacy/legacy/whitechapel_pro/property.te diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/legacy/whitechapel_pro/property_contexts similarity index 100% rename from legacy/whitechapel_pro/property_contexts rename to legacy/legacy/whitechapel_pro/property_contexts diff --git a/legacy/whitechapel_pro/service.te b/legacy/legacy/whitechapel_pro/service.te similarity index 100% rename from legacy/whitechapel_pro/service.te rename to legacy/legacy/whitechapel_pro/service.te diff --git a/legacy/whitechapel_pro/service_contexts b/legacy/legacy/whitechapel_pro/service_contexts similarity index 100% rename from legacy/whitechapel_pro/service_contexts rename to legacy/legacy/whitechapel_pro/service_contexts diff --git a/legacy/whitechapel_pro/te_macros b/legacy/legacy/whitechapel_pro/te_macros similarity index 100% rename from legacy/whitechapel_pro/te_macros rename to legacy/legacy/whitechapel_pro/te_macros diff --git a/legacy/whitechapel_pro/vndservice.te b/legacy/legacy/whitechapel_pro/vndservice.te similarity index 100% rename from legacy/whitechapel_pro/vndservice.te rename to legacy/legacy/whitechapel_pro/vndservice.te diff --git a/legacy/whitechapel_pro/vndservice_contexts b/legacy/legacy/whitechapel_pro/vndservice_contexts similarity index 100% rename from legacy/whitechapel_pro/vndservice_contexts rename to legacy/legacy/whitechapel_pro/vndservice_contexts diff --git a/private/vendor_init.te b/legacy/private/vendor_init.te similarity index 100% rename from private/vendor_init.te rename to legacy/private/vendor_init.te diff --git a/radio/bipchmgr.te b/legacy/radio/bipchmgr.te similarity index 100% rename from radio/bipchmgr.te rename to legacy/radio/bipchmgr.te diff --git a/radio/cat_engine_service_app.te b/legacy/radio/cat_engine_service_app.te similarity index 100% rename from radio/cat_engine_service_app.te rename to legacy/radio/cat_engine_service_app.te diff --git a/radio/cbd.te b/legacy/radio/cbd.te similarity index 100% rename from radio/cbd.te rename to legacy/radio/cbd.te diff --git a/radio/cbrs_setup.te b/legacy/radio/cbrs_setup.te similarity index 100% rename from radio/cbrs_setup.te rename to legacy/radio/cbrs_setup.te diff --git a/radio/certs/com_google_mds.x509.pem b/legacy/radio/certs/com_google_mds.x509.pem similarity index 100% rename from radio/certs/com_google_mds.x509.pem rename to legacy/radio/certs/com_google_mds.x509.pem diff --git a/radio/device.te b/legacy/radio/device.te similarity index 100% rename from radio/device.te rename to legacy/radio/device.te diff --git a/radio/dmd.te b/legacy/radio/dmd.te similarity index 100% rename from radio/dmd.te rename to legacy/radio/dmd.te diff --git a/radio/file.te b/legacy/radio/file.te similarity index 100% rename from radio/file.te rename to legacy/radio/file.te diff --git a/radio/file_contexts b/legacy/radio/file_contexts similarity index 100% rename from radio/file_contexts rename to legacy/radio/file_contexts diff --git a/radio/fsck.te b/legacy/radio/fsck.te similarity index 100% rename from radio/fsck.te rename to legacy/radio/fsck.te diff --git a/radio/genfs_contexts b/legacy/radio/genfs_contexts similarity index 63% rename from radio/genfs_contexts rename to legacy/radio/genfs_contexts index 347e461..6f0199f 100644 --- a/radio/genfs_contexts +++ b/legacy/radio/genfs_contexts @@ -4,8 +4,5 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 -# GPS -genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 - # Modem -genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 diff --git a/radio/gpsd.te b/legacy/radio/gpsd.te similarity index 100% rename from radio/gpsd.te rename to legacy/radio/gpsd.te diff --git a/radio/grilservice_app.te b/legacy/radio/grilservice_app.te similarity index 92% rename from radio/grilservice_app.te rename to legacy/radio/grilservice_app.te index 2525bab..16976c9 100644 --- a/radio/grilservice_app.te +++ b/legacy/radio/grilservice_app.te @@ -3,6 +3,7 @@ app_domain(grilservice_app) allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; diff --git a/radio/hal_radioext_default.te b/legacy/radio/hal_radioext_default.te similarity index 92% rename from radio/hal_radioext_default.te rename to legacy/radio/hal_radioext_default.te index 6e17e19..7bc0e96 100644 --- a/radio/hal_radioext_default.te +++ b/legacy/radio/hal_radioext_default.te @@ -19,6 +19,7 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; # Twoshay binder_use(hal_radioext_default) diff --git a/radio/hwservice.te b/legacy/radio/hwservice.te similarity index 100% rename from radio/hwservice.te rename to legacy/radio/hwservice.te diff --git a/radio/hwservice_contexts b/legacy/radio/hwservice_contexts similarity index 100% rename from radio/hwservice_contexts rename to legacy/radio/hwservice_contexts diff --git a/radio/hwservicemanager.te b/legacy/radio/hwservicemanager.te similarity index 100% rename from radio/hwservicemanager.te rename to legacy/radio/hwservicemanager.te diff --git a/radio/init.te b/legacy/radio/init.te similarity index 100% rename from radio/init.te rename to legacy/radio/init.te diff --git a/radio/init_radio.te b/legacy/radio/init_radio.te similarity index 100% rename from radio/init_radio.te rename to legacy/radio/init_radio.te diff --git a/legacy/radio/keys.conf b/legacy/radio/keys.conf new file mode 100644 index 0000000..4784c60 --- /dev/null +++ b/legacy/radio/keys.conf @@ -0,0 +1,3 @@ +[@MDS] +ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem + diff --git a/radio/logger_app.te b/legacy/radio/logger_app.te similarity index 91% rename from radio/logger_app.te rename to legacy/radio/logger_app.te index 098955d..ab43385 100644 --- a/radio/logger_app.te +++ b/legacy/radio/logger_app.te @@ -5,6 +5,9 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:file create_file_perms; allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; + + binder_call(logger_app, rild) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/radio/mac_permissions.xml b/legacy/radio/mac_permissions.xml similarity index 100% rename from radio/mac_permissions.xml rename to legacy/radio/mac_permissions.xml diff --git a/radio/modem_diagnostic_app.te b/legacy/radio/modem_diagnostic_app.te similarity index 100% rename from radio/modem_diagnostic_app.te rename to legacy/radio/modem_diagnostic_app.te diff --git a/radio/modem_logging_control.te b/legacy/radio/modem_logging_control.te similarity index 100% rename from radio/modem_logging_control.te rename to legacy/radio/modem_logging_control.te diff --git a/radio/modem_ml_svc_sit.te b/legacy/radio/modem_ml_svc_sit.te similarity index 100% rename from radio/modem_ml_svc_sit.te rename to legacy/radio/modem_ml_svc_sit.te diff --git a/radio/modem_svc_sit.te b/legacy/radio/modem_svc_sit.te similarity index 100% rename from radio/modem_svc_sit.te rename to legacy/radio/modem_svc_sit.te diff --git a/radio/oemrilservice_app.te b/legacy/radio/oemrilservice_app.te similarity index 100% rename from radio/oemrilservice_app.te rename to legacy/radio/oemrilservice_app.te diff --git a/radio/private/radio.te b/legacy/radio/private/radio.te similarity index 100% rename from radio/private/radio.te rename to legacy/radio/private/radio.te diff --git a/radio/private/service_contexts b/legacy/radio/private/service_contexts similarity index 100% rename from radio/private/service_contexts rename to legacy/radio/private/service_contexts diff --git a/radio/property.te b/legacy/radio/property.te similarity index 100% rename from radio/property.te rename to legacy/radio/property.te diff --git a/radio/property_contexts b/legacy/radio/property_contexts similarity index 100% rename from radio/property_contexts rename to legacy/radio/property_contexts diff --git a/legacy/radio/radio.te b/legacy/radio/radio.te new file mode 100644 index 0000000..221c812 --- /dev/null +++ b/legacy/radio/radio.te @@ -0,0 +1,8 @@ +set_prop(radio, telephony_ril_prop) + +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; +allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; +allow radio aoc_device:chr_file rw_file_perms; +allow radio hal_audio_ext_hwservice:hwservice_manager find; +binder_call(radio, hal_audio_default) diff --git a/radio/rfsd.te b/legacy/radio/rfsd.te similarity index 100% rename from radio/rfsd.te rename to legacy/radio/rfsd.te diff --git a/legacy/radio/rild.te b/legacy/radio/rild.te new file mode 100644 index 0000000..3a2bac7 --- /dev/null +++ b/legacy/radio/rild.te @@ -0,0 +1,42 @@ +set_prop(rild, vendor_rild_prop) +set_prop(rild, vendor_modem_prop) +get_prop(rild, vendor_persist_config_default_prop) +get_prop(rild, vendor_carrier_prop) + +get_prop(rild, sota_prop) +get_prop(rild, system_boot_reason_prop) + +set_prop(rild, telephony_ril_prop) + +allow rild proc_net:file rw_file_perms; +allow rild radio_vendor_data_file:dir create_dir_perms; +allow rild radio_vendor_data_file:file create_file_perms; +allow rild rild_vendor_data_file:dir create_dir_perms; +allow rild rild_vendor_data_file:file create_file_perms; +allow rild vendor_fw_file:file r_file_perms; +allow rild mnt_vendor_file:dir r_dir_perms; + +r_dir_file(rild, modem_img_file) + +binder_call(rild, bipchmgr) +binder_call(rild, gpsd) +binder_call(rild, hal_audio_default) +binder_call(rild, modem_svc_sit) +binder_call(rild, vendor_ims_app) +binder_call(rild, vendor_rcs_app) +binder_call(rild, oemrilservice_app) +binder_call(rild, hal_secure_element_uicc) +binder_call(rild, grilservice_app) +binder_call(rild, vendor_engineermode_app) +binder_call(rild, vendor_telephony_debug_app) +binder_call(rild, logger_app) + +crash_dump_fallback(rild) + +# for hal service +add_hwservice(rild, hal_exynos_rild_hwservice) + +# Allow rild to access files on modem img. +allow rild modem_img_file:dir r_dir_perms; +allow rild modem_img_file:file r_file_perms; +allow rild modem_img_file:lnk_file r_file_perms; diff --git a/radio/sced.te b/legacy/radio/sced.te similarity index 100% rename from radio/sced.te rename to legacy/radio/sced.te diff --git a/radio/seapp_contexts b/legacy/radio/seapp_contexts similarity index 100% rename from radio/seapp_contexts rename to legacy/radio/seapp_contexts diff --git a/radio/ssr_detector.te b/legacy/radio/ssr_detector.te similarity index 100% rename from radio/ssr_detector.te rename to legacy/radio/ssr_detector.te diff --git a/radio/vcd.te b/legacy/radio/vcd.te similarity index 100% rename from radio/vcd.te rename to legacy/radio/vcd.te diff --git a/radio/vendor_engineermode_app.te b/legacy/radio/vendor_engineermode_app.te similarity index 100% rename from radio/vendor_engineermode_app.te rename to legacy/radio/vendor_engineermode_app.te diff --git a/radio/vendor_ims_app.te b/legacy/radio/vendor_ims_app.te similarity index 100% rename from radio/vendor_ims_app.te rename to legacy/radio/vendor_ims_app.te diff --git a/radio/vendor_ims_remote_app.te b/legacy/radio/vendor_ims_remote_app.te similarity index 100% rename from radio/vendor_ims_remote_app.te rename to legacy/radio/vendor_ims_remote_app.te diff --git a/radio/vendor_init.te b/legacy/radio/vendor_init.te similarity index 100% rename from radio/vendor_init.te rename to legacy/radio/vendor_init.te diff --git a/radio/vendor_qualifiednetworks_app.te b/legacy/radio/vendor_qualifiednetworks_app.te similarity index 100% rename from radio/vendor_qualifiednetworks_app.te rename to legacy/radio/vendor_qualifiednetworks_app.te diff --git a/radio/vendor_rcs_app.te b/legacy/radio/vendor_rcs_app.te similarity index 100% rename from radio/vendor_rcs_app.te rename to legacy/radio/vendor_rcs_app.te diff --git a/radio/vendor_rcs_service_app.te b/legacy/radio/vendor_rcs_service_app.te similarity index 100% rename from radio/vendor_rcs_service_app.te rename to legacy/radio/vendor_rcs_service_app.te diff --git a/radio/vendor_silentlogging_remote_app.te b/legacy/radio/vendor_silentlogging_remote_app.te similarity index 100% rename from radio/vendor_silentlogging_remote_app.te rename to legacy/radio/vendor_silentlogging_remote_app.te diff --git a/radio/vendor_telephony_debug_app.te b/legacy/radio/vendor_telephony_debug_app.te similarity index 100% rename from radio/vendor_telephony_debug_app.te rename to legacy/radio/vendor_telephony_debug_app.te diff --git a/radio/vendor_telephony_silentlogging_app.te b/legacy/radio/vendor_telephony_silentlogging_app.te similarity index 100% rename from radio/vendor_telephony_silentlogging_app.te rename to legacy/radio/vendor_telephony_silentlogging_app.te diff --git a/radio/vendor_telephony_test_app.te b/legacy/radio/vendor_telephony_test_app.te similarity index 100% rename from radio/vendor_telephony_test_app.te rename to legacy/radio/vendor_telephony_test_app.te diff --git a/radio/vold.te b/legacy/radio/vold.te similarity index 100% rename from radio/vold.te rename to legacy/radio/vold.te diff --git a/system_ext/private/platform_app.te b/legacy/system_ext/private/platform_app.te similarity index 100% rename from system_ext/private/platform_app.te rename to legacy/system_ext/private/platform_app.te diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts index 9f462bd..e69de29 100644 --- a/legacy/system_ext/private/property_contexts +++ b/legacy/system_ext/private/property_contexts @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/private/seapp_contexts b/legacy/system_ext/private/seapp_contexts new file mode 100644 index 0000000..e69de29 diff --git a/legacy/system_ext/private/systemui_app.te b/legacy/system_ext/private/systemui_app.te new file mode 100644 index 0000000..99f30ac --- /dev/null +++ b/legacy/system_ext/private/systemui_app.te @@ -0,0 +1,20 @@ + +allow systemui_app app_api_service:service_manager find; +allow systemui_app network_score_service:service_manager find; +allow systemui_app overlay_service:service_manager find; +allow systemui_app color_display_service:service_manager find; +allow systemui_app audioserver_service:service_manager find; +allow systemui_app cameraserver_service:service_manager find; +allow systemui_app mediaserver_service:service_manager find; +allow systemui_app mediaextractor_service:service_manager find; +allow systemui_app mediametrics_service:service_manager find; +allow systemui_app radio_service:service_manager find; +allow systemui_app vr_manager_service:service_manager find; +allow systemui_app nfc_service:service_manager find; +allow systemui_app adb_service:service_manager find; +allow systemui_app statsmanager_service:service_manager find; + +get_prop(systemui_app, keyguard_config_prop) +set_prop(systemui_app, bootanim_system_prop) +get_prop(systemui_app, qemu_hw_prop) + diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te index 8908e48..2b30a6a 100644 --- a/legacy/system_ext/public/property.te +++ b/legacy/system_ext/public/property.te @@ -1,2 +1,4 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -system_vendor_config_prop(fingerprint_ghbm_prop) +# Telephony +userdebug_or_eng(` + set_prop(shell, telephony_ril_prop) +') diff --git a/legacy/system_ext/public/systemui_app.te b/legacy/system_ext/public/systemui_app.te new file mode 100644 index 0000000..e69de29 diff --git a/legacy/tracking_denials/README.txt b/legacy/tracking_denials/README.txt new file mode 100644 index 0000000..6cfc62d --- /dev/null +++ b/legacy/tracking_denials/README.txt @@ -0,0 +1,2 @@ +This folder stores known errors detected by PTS. Be sure to remove relevant +files to reproduce error log on latest ROMs. diff --git a/legacy/tracking_denials/bug_map b/legacy/tracking_denials/bug_map new file mode 100644 index 0000000..74f2fbb --- /dev/null +++ b/legacy/tracking_denials/bug_map @@ -0,0 +1,10 @@ +dump_gxp vendor_gxp_prop file b/287898138 +dumpstate app_zygote process b/288049050 +hal_uwb_default debugfs file b/288049522 +incidentd debugfs_wakeup_sources file b/288049561 +incidentd incidentd anon_inode b/288049561 +insmod-sh insmod-sh key b/274374722 +insmod-sh vendor_regmap_debugfs dir b/274727542 +mtectrl unlabeled dir b/264483752 +systemui_app wm_trace_data_file dir b/288049075 +vendor_init proc file b/289856761 diff --git a/legacy/tracking_denials/kernel.te b/legacy/tracking_denials/kernel.te new file mode 100644 index 0000000..41b91bd --- /dev/null +++ b/legacy/tracking_denials/kernel.te @@ -0,0 +1,2 @@ +# b/263185161 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/legacy/tracking_denials/rebalance_interrupts_vendor.te similarity index 100% rename from tracking_denials/rebalance_interrupts_vendor.te rename to legacy/tracking_denials/rebalance_interrupts_vendor.te diff --git a/vendor/audioserver.te b/legacy/vendor/audioserver.te similarity index 100% rename from vendor/audioserver.te rename to legacy/vendor/audioserver.te diff --git a/vendor/bootanim.te b/legacy/vendor/bootanim.te similarity index 100% rename from vendor/bootanim.te rename to legacy/vendor/bootanim.te diff --git a/vendor/cccdk_timesync_app.te b/legacy/vendor/cccdk_timesync_app.te similarity index 77% rename from vendor/cccdk_timesync_app.te rename to legacy/vendor/cccdk_timesync_app.te index f34c5f3..3948edc 100644 --- a/vendor/cccdk_timesync_app.te +++ b/legacy/vendor/cccdk_timesync_app.te @@ -2,6 +2,7 @@ type vendor_cccdktimesync_app, domain; app_domain(vendor_cccdktimesync_app) allow vendor_cccdktimesync_app app_api_service:service_manager find; +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/legacy/vendor/certs/app.x509.pem b/legacy/vendor/certs/app.x509.pem new file mode 100644 index 0000000..8e3e627 --- /dev/null +++ b/legacy/vendor/certs/app.x509.pem @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g +VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE +AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G +A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI +hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR +24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy +xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X +W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC +69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA +cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw +HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c +xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE +CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH +QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG +CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud +EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP +zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla +XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a +IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a +ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW +Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs= +-----END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_eng.x509.pem b/legacy/vendor/certs/camera_eng.x509.pem new file mode 100644 index 0000000..011a9ec --- /dev/null +++ b/legacy/vendor/certs/camera_eng.x509.pem @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx +EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw +NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO +OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR ++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb ++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg +UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX +TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj +rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB +TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK +pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY +DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG +ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 +rscXTxYEf4Tqovc= +-----END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_fishfood.x509.pem b/legacy/vendor/certs/camera_fishfood.x509.pem new file mode 100644 index 0000000..fb11572 --- /dev/null +++ b/legacy/vendor/certs/camera_fishfood.x509.pem @@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n +bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w +HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv +b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 +bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ +jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B +IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe +tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td +0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg +Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b +aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== +-----END CERTIFICATE----- diff --git a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem new file mode 100644 index 0000000..7b8c5b2 --- /dev/null +++ b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem @@ -0,0 +1,30 @@ +-----BEGIN CERTIFICATE----- +MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw +CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU +MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n +bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz +MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N +b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G +A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG +9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP +1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR +UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5 +4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL +jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8 +pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0 +VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3 +A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO +sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV +eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO +nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI +hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5 +YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm +FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr +njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI +hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e +JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3 +IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA +V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H +r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F +DB17LhMLl0GxX9j1 +-----END CERTIFICATE----- diff --git a/vendor/charger_vendor.te b/legacy/vendor/charger_vendor.te similarity index 100% rename from vendor/charger_vendor.te rename to legacy/vendor/charger_vendor.te diff --git a/legacy/vendor/chre.te b/legacy/vendor/chre.te new file mode 100644 index 0000000..a1d1ca5 --- /dev/null +++ b/legacy/vendor/chre.te @@ -0,0 +1,16 @@ +type chre, domain; +type chre_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(chre) + +# Permit communication with AoC +allow chre aoc_device:chr_file rw_file_perms; + +# Allow CHRE to determine AoC's current clock +allow chre sysfs_aoc:dir search; +allow chre sysfs_aoc_boottime:file r_file_perms; + +# Allow CHRE to create thread to watch AOC's device +allow chre device:dir r_dir_perms; + +# Allow CHRE to use WakeLock +wakelock_use(chre) diff --git a/legacy/vendor/con_monitor_app.te b/legacy/vendor/con_monitor_app.te new file mode 100644 index 0000000..7690191 --- /dev/null +++ b/legacy/vendor/con_monitor_app.te @@ -0,0 +1,12 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; +app_domain(con_monitor_app); + +allow con_monitor_app app_api_service:service_manager find; +allow con_monitor_app batterystats_service:service_manager find; +allow con_monitor_app virtual_device_service:service_manager find; + +binder_call(con_monitor_app, system_server); +binder_call(con_monitor_app, servicemanager); + +set_prop(con_monitor_app, radio_prop); diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te new file mode 100644 index 0000000..37a19ec --- /dev/null +++ b/legacy/vendor/debug_camera_app.te @@ -0,0 +1,26 @@ + +userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; + + # Allows GCA-Eng & GCA-Next access the GXP device and properties. + allow debug_camera_app gxp_device:chr_file rw_file_perms; + get_prop(debug_camera_app, vendor_gxp_prop) + + # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. + allow debug_camera_app edgetpu_app_service:service_manager find; + allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) + + # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. + allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; +') diff --git a/legacy/vendor/device.te b/legacy/vendor/device.te new file mode 100644 index 0000000..f63086d --- /dev/null +++ b/legacy/vendor/device.te @@ -0,0 +1,29 @@ +type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; +type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; +type mfg_data_block_device, dev_type; +type ufs_internal_block_device, dev_type; +type logbuffer_device, dev_type; +type gxp_device, dev_type, mlstrustedobject; +type hw_jpg_device, dev_type; +userdebug_or_eng(` + typeattribute hw_jpg_device mlstrustedobject; +') +type fingerprint_device, dev_type; +type uci_device, dev_type; + +# Dmabuf heaps +type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; +type faceauth_heap_device, dmabuf_heap_device_type, dev_type; +type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; +type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; + +# SecureElement SPI device +type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; + +# Raw HID device +type hidraw_device, dev_type; diff --git a/legacy/vendor/disable-contaminant-detection-sh.te b/legacy/vendor/disable-contaminant-detection-sh.te new file mode 100644 index 0000000..95845a1 --- /dev/null +++ b/legacy/vendor/disable-contaminant-detection-sh.te @@ -0,0 +1,7 @@ +type disable-contaminant-detection-sh, domain; +type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(disable-contaminant-detection-sh) + +allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; +allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; +allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/vendor/domain.te b/legacy/vendor/domain.te similarity index 100% rename from vendor/domain.te rename to legacy/vendor/domain.te diff --git a/legacy/vendor/dump_cma.te b/legacy/vendor/dump_cma.te new file mode 100644 index 0000000..bf5edf2 --- /dev/null +++ b/legacy/vendor/dump_cma.te @@ -0,0 +1,7 @@ +pixel_bugreport(dump_cma) + +userdebug_or_eng(` + allow dump_cma vendor_toolbox_exec:file execute_no_trans; + allow dump_cma vendor_cma_debugfs:dir r_dir_perms; + allow dump_cma vendor_cma_debugfs:file r_file_perms; +') diff --git a/vendor/dump_gsa.te b/legacy/vendor/dump_gsa.te similarity index 100% rename from vendor/dump_gsa.te rename to legacy/vendor/dump_gsa.te diff --git a/vendor/dump_power.te b/legacy/vendor/dump_power.te similarity index 100% rename from vendor/dump_power.te rename to legacy/vendor/dump_power.te diff --git a/vendor/dump_wlan.te b/legacy/vendor/dump_wlan.te similarity index 100% rename from vendor/dump_wlan.te rename to legacy/vendor/dump_wlan.te diff --git a/vendor/dumpstate.te b/legacy/vendor/dumpstate.te similarity index 100% rename from vendor/dumpstate.te rename to legacy/vendor/dumpstate.te diff --git a/vendor/e2fs.te b/legacy/vendor/e2fs.te similarity index 100% rename from vendor/e2fs.te rename to legacy/vendor/e2fs.te diff --git a/vendor/euiccpixel_app.te b/legacy/vendor/euiccpixel_app.te similarity index 100% rename from vendor/euiccpixel_app.te rename to legacy/vendor/euiccpixel_app.te diff --git a/legacy/vendor/fastbootd.te b/legacy/vendor/fastbootd.te new file mode 100644 index 0000000..c7f6a88 --- /dev/null +++ b/legacy/vendor/fastbootd.te @@ -0,0 +1,6 @@ +recovery_only(` + allow fastbootd devinfo_block_device:blk_file rw_file_perms; + allow fastbootd sda_block_device:blk_file rw_file_perms; + allow fastbootd sysfs_ota:file rw_file_perms; + allow fastbootd st54spi_device:chr_file rw_file_perms; +') diff --git a/legacy/vendor/file.te b/legacy/vendor/file.te new file mode 100644 index 0000000..357643a --- /dev/null +++ b/legacy/vendor/file.te @@ -0,0 +1,57 @@ +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; +type persist_uwb_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; +type sysfs_pca, sysfs_type, fs_type; +type sysfs_aoc_udfps, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; +type sysfs_gsa_log, sysfs_type, fs_type; + +# Gxp sysfs file +type sysfs_gxp, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; + +# Data +type sensor_reg_data_file, file_type, data_file_type; +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; +type sysfs_ospm, sysfs_type, fs_type; diff --git a/legacy/vendor/file_contexts b/legacy/vendor/file_contexts new file mode 100644 index 0000000..912e59d --- /dev/null +++ b/legacy/vendor/file_contexts @@ -0,0 +1,181 @@ +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 +# Vendor libraries +/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpif u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautius u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 +/dev/video12 u:object_r:hw_jpg_device:s0 +# Raw HID device +/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/vendor/fsck.te b/legacy/vendor/fsck.te similarity index 100% rename from vendor/fsck.te rename to legacy/vendor/fsck.te diff --git a/legacy/vendor/genfs_contexts b/legacy/vendor/genfs_contexts new file mode 100644 index 0000000..809910b --- /dev/null +++ b/legacy/vendor/genfs_contexts @@ -0,0 +1,501 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# OSPM +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + +# debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 + +# Extcon +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + +# disable contaminant detection +genfscon sysfs /devices/platform/10cb0000.hsi2c u:object_r:sysfs_batteryinfo:s0 + +# Battery +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/hint_power_on u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 diff --git a/legacy/vendor/google_camera_app.te b/legacy/vendor/google_camera_app.te new file mode 100644 index 0000000..f9f5fa0 --- /dev/null +++ b/legacy/vendor/google_camera_app.te @@ -0,0 +1,23 @@ + +allow google_camera_app app_api_service:service_manager find; +allow google_camera_app audioserver_service:service_manager find; +allow google_camera_app cameraserver_service:service_manager find; +allow google_camera_app mediaextractor_service:service_manager find; +allow google_camera_app mediametrics_service:service_manager find; +allow google_camera_app mediaserver_service:service_manager find; + +# Allows GCA to acccess the GXP device. +allow google_camera_app gxp_device:chr_file rw_file_perms; + +# Allow GCA to access the GXP properies. +get_prop(google_camera_app, vendor_gxp_prop) + +# Allows GCA to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/legacy/vendor/gxp_logging.te b/legacy/vendor/gxp_logging.te new file mode 100644 index 0000000..fb78c53 --- /dev/null +++ b/legacy/vendor/gxp_logging.te @@ -0,0 +1,22 @@ +type gxp_logging, domain; +type gxp_logging_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gxp_logging) + +# The logging service accesses /dev/gxp +allow gxp_logging gxp_device:chr_file rw_file_perms; + +# Allow logging service to access /sys/class/gxp +allow gxp_logging sysfs_gxp:dir search; +allow gxp_logging sysfs_gxp:file rw_file_perms; + +# Allow logging service to log to stats service for reporting metrics. +allow gxp_logging fwk_stats_service:service_manager find; +binder_call(gxp_logging, system_server); +binder_use(gxp_logging) + +# Allow logging service to read gxp properties. +get_prop(gxp_logging, vendor_gxp_prop) + +# Allow gxp tracing service to send packets to Perfetto +userdebug_or_eng(`perfetto_producer(gxp_logging)') + diff --git a/vendor/hal_bluetooth_btlinux.te b/legacy/vendor/hal_bluetooth_btlinux.te similarity index 100% rename from vendor/hal_bluetooth_btlinux.te rename to legacy/vendor/hal_bluetooth_btlinux.te diff --git a/vendor/hal_bootctl_default.te b/legacy/vendor/hal_bootctl_default.te similarity index 77% rename from vendor/hal_bootctl_default.te rename to legacy/vendor/hal_bootctl_default.te index 2db4651..2ffeb27 100644 --- a/vendor/hal_bootctl_default.te +++ b/legacy/vendor/hal_bootctl_default.te @@ -2,3 +2,7 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; allow hal_bootctl_default tee_device:chr_file rw_file_perms; + +recovery_only(` + allow hal_bootctl_default rootfs:dir r_dir_perms; +') diff --git a/vendor/hal_camera_default.te b/legacy/vendor/hal_camera_default.te similarity index 91% rename from vendor/hal_camera_default.te rename to legacy/vendor/hal_camera_default.te index 35cd7cf..e252b28 100644 --- a/vendor/hal_camera_default.te +++ b/legacy/vendor/hal_camera_default.te @@ -29,6 +29,10 @@ allow hal_camera_default persist_camera_file:file create_file_perms; allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; allow hal_camera_default vendor_camera_data_file:file create_file_perms; +# Allow the camera hal to access the GXP device. +allow hal_camera_default gxp_device:chr_file rw_file_perms; +get_prop(hal_camera_default, vendor_gxp_prop) + # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; @@ -77,6 +81,9 @@ allow hal_camera_default sysfs_leds:file r_file_perms; allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; binder_call(hal_camera_default, hal_radioext_default); +# Allows camera HAL to access the hw_jpeg /dev/video12. +allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; + # For camera hal to talk with rlsservice allow hal_camera_default rls_service:service_manager find; binder_call(hal_camera_default, rlsservice) @@ -94,3 +101,6 @@ dontaudit hal_camera_default system_data_file:dir { search }; # google3 prebuilts attempt to connect to the wrong trace socket, ignore them. dontaudit hal_camera_default traced:unix_stream_socket { connectto }; dontaudit hal_camera_default traced_producer_socket:sock_file { write }; + +# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes +wakelock_use(hal_camera_default) diff --git a/vendor/hal_contexthub_default.te b/legacy/vendor/hal_contexthub_default.te similarity index 100% rename from vendor/hal_contexthub_default.te rename to legacy/vendor/hal_contexthub_default.te diff --git a/vendor/hal_fingerprint_default.te b/legacy/vendor/hal_fingerprint_default.te similarity index 91% rename from vendor/hal_fingerprint_default.te rename to legacy/vendor/hal_fingerprint_default.te index 6aa57dd..b0a8116 100644 --- a/vendor/hal_fingerprint_default.te +++ b/legacy/vendor/hal_fingerprint_default.te @@ -37,3 +37,7 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; + +# Allow fingerprint to access sysfs_aoc_udfps +allow hal_fingerprint_default sysfs_aoc:dir search; +allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms; diff --git a/legacy/vendor/hal_graphics_allocator_default.te b/legacy/vendor/hal_graphics_allocator_default.te new file mode 100644 index 0000000..b624db1 --- /dev/null +++ b/legacy/vendor/hal_graphics_allocator_default.te @@ -0,0 +1,6 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; diff --git a/vendor/hal_graphics_composer_default.te b/legacy/vendor/hal_graphics_composer_default.te similarity index 100% rename from vendor/hal_graphics_composer_default.te rename to legacy/vendor/hal_graphics_composer_default.te diff --git a/legacy/vendor/hal_health_default.te b/legacy/vendor/hal_health_default.te new file mode 100644 index 0000000..36e6cb1 --- /dev/null +++ b/legacy/vendor/hal_health_default.te @@ -0,0 +1,16 @@ +allow hal_health_default mnt_vendor_file:dir search; +allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; + +set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) + +allow hal_health_default fwk_stats_service:service_manager find; + +# Access to /sys/devices/platform/13200000.ufs/* +allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; +allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; + +allow hal_health_default sysfs_wlc:dir search; +allow hal_health_default sysfs_batteryinfo:file w_file_perms; diff --git a/vendor/hal_memtrack_default.te b/legacy/vendor/hal_memtrack_default.te similarity index 100% rename from vendor/hal_memtrack_default.te rename to legacy/vendor/hal_memtrack_default.te diff --git a/vendor/hal_nfc_default.te b/legacy/vendor/hal_nfc_default.te similarity index 100% rename from vendor/hal_nfc_default.te rename to legacy/vendor/hal_nfc_default.te diff --git a/vendor/hal_power_default.te b/legacy/vendor/hal_power_default.te similarity index 66% rename from vendor/hal_power_default.te rename to legacy/vendor/hal_power_default.te index bb86aad..1f0cd3a 100644 --- a/vendor/hal_power_default.te +++ b/legacy/vendor/hal_power_default.te @@ -4,4 +4,6 @@ allow hal_power_default sysfs_camera:file rw_file_perms; allow hal_power_default sysfs_em_profile:file rw_file_perms; allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_trusty:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file +allow hal_power_default sysfs_ospm:file rw_file_perms; +allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms; +set_prop(hal_power_default, vendor_camera_prop); diff --git a/vendor/hal_power_stats_default.te b/legacy/vendor/hal_power_stats_default.te similarity index 94% rename from vendor/hal_power_stats_default.te rename to legacy/vendor/hal_power_stats_default.te index 2845a0a..012debc 100644 --- a/vendor/hal_power_stats_default.te +++ b/legacy/vendor/hal_power_stats_default.te @@ -3,6 +3,7 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) +r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm) diff --git a/vendor/hal_radioext_default.te b/legacy/vendor/hal_radioext_default.te similarity index 100% rename from vendor/hal_radioext_default.te rename to legacy/vendor/hal_radioext_default.te diff --git a/vendor/hal_secure_element_st54spi_aidl.te b/legacy/vendor/hal_secure_element_st54spi_aidl.te similarity index 100% rename from vendor/hal_secure_element_st54spi_aidl.te rename to legacy/vendor/hal_secure_element_st54spi_aidl.te diff --git a/vendor/hal_secure_element_uicc.te b/legacy/vendor/hal_secure_element_uicc.te similarity index 100% rename from vendor/hal_secure_element_uicc.te rename to legacy/vendor/hal_secure_element_uicc.te diff --git a/vendor/hal_sensors_default.te b/legacy/vendor/hal_sensors_default.te similarity index 91% rename from vendor/hal_sensors_default.te rename to legacy/vendor/hal_sensors_default.te index b9f6a72..fe24c8a 100644 --- a/vendor/hal_sensors_default.te +++ b/legacy/vendor/hal_sensors_default.te @@ -17,6 +17,9 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow sensor HAL to access the display service HAL allow hal_sensors_default hal_pixel_display_service:service_manager find; +# Allow sensor HAL to access the thermal service HAL +hal_client_domain(hal_sensors_default, hal_thermal); + # Allow reading of sensor registry persist files and camera persist files. allow hal_sensors_default mnt_vendor_file:dir search; allow hal_sensors_default persist_file:dir search; @@ -46,6 +49,9 @@ binder_call(hal_sensors_default, system_server); # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) +# Allow access to raw HID devices for dynamic sensors. +allow hal_sensors_default hidraw_device:chr_file rw_file_perms; + # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; diff --git a/vendor/hal_thermal_default.te b/legacy/vendor/hal_thermal_default.te similarity index 100% rename from vendor/hal_thermal_default.te rename to legacy/vendor/hal_thermal_default.te diff --git a/vendor/hal_usb_gadget_impl.te b/legacy/vendor/hal_usb_gadget_impl.te similarity index 100% rename from vendor/hal_usb_gadget_impl.te rename to legacy/vendor/hal_usb_gadget_impl.te diff --git a/vendor/hal_usb_impl.te b/legacy/vendor/hal_usb_impl.te similarity index 93% rename from vendor/hal_usb_impl.te rename to legacy/vendor/hal_usb_impl.te index 15d74c5..27d7bdd 100644 --- a/vendor/hal_usb_impl.te +++ b/legacy/vendor/hal_usb_impl.te @@ -7,6 +7,7 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; +allow hal_usb_impl dumpstate:fd use; # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; diff --git a/vendor/hal_uwb_vendor_default.te b/legacy/vendor/hal_uwb_vendor_default.te similarity index 54% rename from vendor/hal_uwb_vendor_default.te rename to legacy/vendor/hal_uwb_vendor_default.te index 06a67d0..ac5d7e7 100644 --- a/vendor/hal_uwb_vendor_default.te +++ b/legacy/vendor/hal_uwb_vendor_default.te @@ -3,3 +3,7 @@ type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default) +allow hal_uwb_default selinuxfs:file r_file_perms; + +allow hal_uwb_default uwb_data_vendor:dir create_dir_perms; +allow hal_uwb_default uwb_data_vendor:file create_file_perms; diff --git a/vendor/hal_wifi_ext.te b/legacy/vendor/hal_wifi_ext.te similarity index 100% rename from vendor/hal_wifi_ext.te rename to legacy/vendor/hal_wifi_ext.te diff --git a/vendor/hal_wireless_charger.te b/legacy/vendor/hal_wireless_charger.te similarity index 100% rename from vendor/hal_wireless_charger.te rename to legacy/vendor/hal_wireless_charger.te diff --git a/vendor/hwservice.te b/legacy/vendor/hwservice.te similarity index 100% rename from vendor/hwservice.te rename to legacy/vendor/hwservice.te diff --git a/vendor/hwservice_contexts b/legacy/vendor/hwservice_contexts similarity index 100% rename from vendor/hwservice_contexts rename to legacy/vendor/hwservice_contexts diff --git a/vendor/init.te b/legacy/vendor/init.te similarity index 100% rename from vendor/init.te rename to legacy/vendor/init.te diff --git a/vendor/insmod-sh.te b/legacy/vendor/insmod-sh.te similarity index 100% rename from vendor/insmod-sh.te rename to legacy/vendor/insmod-sh.te diff --git a/vendor/installd.te b/legacy/vendor/installd.te similarity index 100% rename from vendor/installd.te rename to legacy/vendor/installd.te diff --git a/legacy/vendor/kernel.te b/legacy/vendor/kernel.te new file mode 100644 index 0000000..28f140a --- /dev/null +++ b/legacy/vendor/kernel.te @@ -0,0 +1,24 @@ +allow kernel vendor_fw_file:dir r_dir_perms; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +dontaudit kernel vendor_maxfg_debugfs:dir search; +dontaudit kernel sepolicy_file:file getattr; +dontaudit kernel system_bootstrap_lib_file:dir getattr; +dontaudit kernel system_bootstrap_lib_file:file getattr; +dontaudit kernel system_dlkm_file:dir getattr; +dontaudit kernel vendor_battery_debugfs:dir search; +dontaudit kernel vendor_charger_debugfs:dir search; + +allow kernel vendor_regmap_debugfs:dir search; + diff --git a/vendor/logd.te b/legacy/vendor/logd.te similarity index 100% rename from vendor/logd.te rename to legacy/vendor/logd.te diff --git a/vendor/mac_permissions.xml b/legacy/vendor/mac_permissions.xml similarity index 100% rename from vendor/mac_permissions.xml rename to legacy/vendor/mac_permissions.xml diff --git a/vendor/mediacodec_google.te b/legacy/vendor/mediacodec_google.te similarity index 95% rename from vendor/mediacodec_google.te rename to legacy/vendor/mediacodec_google.te index 1c6413a..3056cf9 100644 --- a/vendor/mediacodec_google.te +++ b/legacy/vendor/mediacodec_google.te @@ -16,6 +16,7 @@ allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file rw_file_perms; allow mediacodec_google gpu_device:chr_file rw_file_perms; +allow mediacodec_google self:global_capability_class_set sys_nice; crash_dump_fallback(mediacodec_google) diff --git a/legacy/vendor/pixeldisplayservice_app.te b/legacy/vendor/pixeldisplayservice_app.te new file mode 100644 index 0000000..736f443 --- /dev/null +++ b/legacy/vendor/pixeldisplayservice_app.te @@ -0,0 +1,11 @@ + +allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; +allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; + +allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; +binder_call(pixeldisplayservice_app, hal_graphics_composer_default) + +# Standard system services +allow pixeldisplayservice_app app_api_service:service_manager find; + +allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/legacy/vendor/pixelstats_vendor.te b/legacy/vendor/pixelstats_vendor.te new file mode 100644 index 0000000..f4f447a --- /dev/null +++ b/legacy/vendor/pixelstats_vendor.te @@ -0,0 +1,35 @@ +# Battery history +allow pixelstats_vendor battery_history_device:chr_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); + +#vendor-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) +allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; +allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; + +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; + +# PCIe Link Statistics +allow pixelstats_vendor sysfs_pcie:dir search; +allow pixelstats_vendor sysfs_pcie:file rw_file_perms; + +allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +# Display +r_dir_file(pixelstats_vendor, sysfs_display) +allow pixelstats_vendor sysfs_display:lnk_file r_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; + +# Pca charge +allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/vendor/platform_app.te b/legacy/vendor/platform_app.te similarity index 100% rename from vendor/platform_app.te rename to legacy/vendor/platform_app.te diff --git a/vendor/property.te b/legacy/vendor/property.te similarity index 75% rename from vendor/property.te rename to legacy/vendor/property.te index 8ef51a8..814beb2 100644 --- a/vendor/property.te +++ b/legacy/vendor/property.te @@ -13,3 +13,9 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) + +# ArmNN +vendor_internal_prop(vendor_armnn_config_prop) + +# Gxp properties +system_vendor_config_prop(vendor_gxp_prop) diff --git a/vendor/property_contexts b/legacy/vendor/property_contexts similarity index 78% rename from vendor/property_contexts rename to legacy/vendor/property_contexts index 8e43946..c77827d 100644 --- a/vendor/property_contexts +++ b/legacy/vendor/property_contexts @@ -4,6 +4,7 @@ vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # Fingerprint +persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 @@ -20,3 +21,9 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# ArmNN configuration +ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix + +# Gxp +vendor.gxp. u:object_r:vendor_gxp_prop:s0 diff --git a/vendor/ramdump_app.te b/legacy/vendor/ramdump_app.te similarity index 100% rename from vendor/ramdump_app.te rename to legacy/vendor/ramdump_app.te diff --git a/vendor/recovery.te b/legacy/vendor/recovery.te similarity index 100% rename from vendor/recovery.te rename to legacy/vendor/recovery.te diff --git a/vendor/rlsservice.te b/legacy/vendor/rlsservice.te similarity index 100% rename from vendor/rlsservice.te rename to legacy/vendor/rlsservice.te diff --git a/legacy/vendor/seapp_contexts b/legacy/vendor/seapp_contexts new file mode 100644 index 0000000..f994993 --- /dev/null +++ b/legacy/vendor/seapp_contexts @@ -0,0 +1,31 @@ +# Domain for EuiccSupportPixel +user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all + +# coredump/ramdump +user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# PixelDisplayService +user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all + +# Google Camera +user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all + +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all + +# Qorvo UWB system app +# TODO(b/222204912): Should this run under uwb user? +user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all + +# CccDkTimeSyncService +user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all + diff --git a/vendor/service.te b/legacy/vendor/service.te similarity index 100% rename from vendor/service.te rename to legacy/vendor/service.te diff --git a/vendor/service_contexts b/legacy/vendor/service_contexts similarity index 100% rename from vendor/service_contexts rename to legacy/vendor/service_contexts diff --git a/vendor/shell.te b/legacy/vendor/shell.te similarity index 100% rename from vendor/shell.te rename to legacy/vendor/shell.te diff --git a/vendor/surfaceflinger.te b/legacy/vendor/surfaceflinger.te similarity index 100% rename from vendor/surfaceflinger.te rename to legacy/vendor/surfaceflinger.te diff --git a/vendor/system_app.te b/legacy/vendor/system_app.te similarity index 100% rename from vendor/system_app.te rename to legacy/vendor/system_app.te diff --git a/vendor/system_server.te b/legacy/vendor/system_server.te similarity index 82% rename from vendor/system_server.te rename to legacy/vendor/system_server.te index 853e3cf..de29de3 100644 --- a/vendor/system_server.te +++ b/legacy/vendor/system_server.te @@ -1,5 +1,6 @@ # Allow system server to send sensor data callbacks to GPS binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); +binder_call(system_server, con_monitor_app); allow system_server arm_mali_platform_service:service_manager find; diff --git a/vendor/systemui_app.te b/legacy/vendor/systemui_app.te similarity index 100% rename from vendor/systemui_app.te rename to legacy/vendor/systemui_app.te diff --git a/vendor/tcpdump_logger.te b/legacy/vendor/tcpdump_logger.te similarity index 100% rename from vendor/tcpdump_logger.te rename to legacy/vendor/tcpdump_logger.te diff --git a/vendor/tee.te b/legacy/vendor/tee.te similarity index 100% rename from vendor/tee.te rename to legacy/vendor/tee.te diff --git a/vendor/toolbox.te b/legacy/vendor/toolbox.te similarity index 100% rename from vendor/toolbox.te rename to legacy/vendor/toolbox.te diff --git a/vendor/trusty_apploader.te b/legacy/vendor/trusty_apploader.te similarity index 100% rename from vendor/trusty_apploader.te rename to legacy/vendor/trusty_apploader.te diff --git a/vendor/trusty_metricsd.te b/legacy/vendor/trusty_metricsd.te similarity index 100% rename from vendor/trusty_metricsd.te rename to legacy/vendor/trusty_metricsd.te diff --git a/vendor/twoshay.te b/legacy/vendor/twoshay.te similarity index 100% rename from vendor/twoshay.te rename to legacy/vendor/twoshay.te diff --git a/vendor/ufs_firmware_update.te b/legacy/vendor/ufs_firmware_update.te similarity index 100% rename from vendor/ufs_firmware_update.te rename to legacy/vendor/ufs_firmware_update.te diff --git a/vendor/update_engine.te b/legacy/vendor/update_engine.te similarity index 74% rename from vendor/update_engine.te rename to legacy/vendor/update_engine.te index fb59e4b..a403d9e 100644 --- a/vendor/update_engine.te +++ b/legacy/vendor/update_engine.te @@ -1,4 +1,3 @@ allow update_engine custom_ab_block_device:blk_file rw_file_perms; -allow update_engine dtbo_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms; allow update_engine proc_bootconfig:file r_file_perms; diff --git a/vendor/uwb_vendor_app.te b/legacy/vendor/uwb_vendor_app.te similarity index 100% rename from vendor/uwb_vendor_app.te rename to legacy/vendor/uwb_vendor_app.te diff --git a/vendor/vendor_init.te b/legacy/vendor/vendor_init.te similarity index 84% rename from vendor/vendor_init.te rename to legacy/vendor/vendor_init.te index 2071850..3abf696 100644 --- a/vendor/vendor_init.te +++ b/legacy/vendor/vendor_init.te @@ -11,6 +11,9 @@ allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; +# Allow for checking NSP permissions +allow vendor_init tee_data_file:lnk_file read; + userdebug_or_eng(` allow vendor_init vendor_init:lockdown { integrity }; ') @@ -26,9 +29,16 @@ set_prop(vendor_init, vendor_secure_element_prop) # USB property set_prop(vendor_init, vendor_usb_config_prop) +set_prop(vendor_init, vendor_ssrdump_prop) + # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) -set_prop(vendor_init, vendor_ssrdump_prop) + +# ArmNN +set_prop(vendor_init, vendor_armnn_config_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; + +# Gxp +set_prop(vendor_init, vendor_gxp_prop) diff --git a/vendor/vendor_uwb_init.te b/legacy/vendor/vendor_uwb_init.te similarity index 53% rename from vendor/vendor_uwb_init.te rename to legacy/vendor/vendor_uwb_init.te index 5216019..9008238 100644 --- a/vendor/vendor_uwb_init.te +++ b/legacy/vendor/vendor_uwb_init.te @@ -2,3 +2,6 @@ type vendor_uwb_init, domain; type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_uwb_init) + +allow vendor_uwb_init uwb_data_vendor:file create_file_perms; +allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms; diff --git a/vendor/vndservice.te b/legacy/vendor/vndservice.te similarity index 100% rename from vendor/vndservice.te rename to legacy/vendor/vndservice.te diff --git a/vendor/vndservice_contexts b/legacy/vendor/vndservice_contexts similarity index 100% rename from vendor/vndservice_contexts rename to legacy/vendor/vndservice_contexts diff --git a/vendor/wifi_sniffer.te b/legacy/vendor/wifi_sniffer.te similarity index 100% rename from vendor/wifi_sniffer.te rename to legacy/vendor/wifi_sniffer.te diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf deleted file mode 100644 index 76ea843..0000000 --- a/legacy/whitechapel_pro/keys.conf +++ /dev/null @@ -1,5 +0,0 @@ -[@UWB] -ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem - -[@EUICCSUPPORTPIXEL] -ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/widevine/file.te b/legacy/widevine/file.te similarity index 100% rename from widevine/file.te rename to legacy/widevine/file.te diff --git a/widevine/file_contexts b/legacy/widevine/file_contexts similarity index 100% rename from widevine/file_contexts rename to legacy/widevine/file_contexts diff --git a/widevine/hal_drm_clearkey.te b/legacy/widevine/hal_drm_clearkey.te similarity index 100% rename from widevine/hal_drm_clearkey.te rename to legacy/widevine/hal_drm_clearkey.te diff --git a/widevine/hal_drm_widevine.te b/legacy/widevine/hal_drm_widevine.te similarity index 100% rename from widevine/hal_drm_widevine.te rename to legacy/widevine/hal_drm_widevine.te diff --git a/widevine/service_contexts b/legacy/widevine/service_contexts similarity index 100% rename from widevine/service_contexts rename to legacy/widevine/service_contexts diff --git a/radio/keys.conf b/radio/keys.conf deleted file mode 100644 index 45db97d..0000000 --- a/radio/keys.conf +++ /dev/null @@ -1,3 +0,0 @@ -[@MDS] -ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem - diff --git a/radio/radio.te b/radio/radio.te index 221c812..7a75779 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,8 +1,2 @@ set_prop(radio, telephony_ril_prop) -allow radio radio_vendor_data_file:dir rw_dir_perms; -allow radio radio_vendor_data_file:file create_file_perms; -allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; -allow radio aoc_device:chr_file rw_file_perms; -allow radio hal_audio_ext_hwservice:hwservice_manager find; -binder_call(radio, hal_audio_default) diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te deleted file mode 100644 index 3baf986..0000000 --- a/tracking_denials/con_monitor_app.te +++ /dev/null @@ -1,36 +0,0 @@ -# b/261518779 -dontaudit con_monitor_app activity_service:service_manager { find }; -dontaudit con_monitor_app content_capture_service:service_manager { find }; -dontaudit con_monitor_app game_service:service_manager { find }; -dontaudit con_monitor_app netstats_service:service_manager { find }; -dontaudit con_monitor_app system_server:binder { call }; -dontaudit con_monitor_app system_server:binder { transfer }; -dontaudit con_monitor_app system_server:fd { use }; -# b/261783158 -dontaudit con_monitor_app system_file:file { getattr }; -dontaudit con_monitor_app system_file:file { map }; -dontaudit con_monitor_app system_file:file { open }; -dontaudit con_monitor_app system_file:file { read }; -dontaudit con_monitor_app tmpfs:file { execute }; -dontaudit con_monitor_app tmpfs:file { map }; -dontaudit con_monitor_app tmpfs:file { read }; -dontaudit con_monitor_app tmpfs:file { write }; -# b/261933171 -dontaudit con_monitor_app dumpstate:fd { use }; -dontaudit con_monitor_app dumpstate:fifo_file { append }; -dontaudit con_monitor_app dumpstate:fifo_file { write }; -dontaudit con_monitor_app system_server:fifo_file { write }; -dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; -dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; -# b/262455571 -dontaudit con_monitor_app data_file_type:dir { search }; -dontaudit con_monitor_app servicemanager:binder { call }; -dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; -dontaudit con_monitor_app statsdw_socket:sock_file { write }; -dontaudit con_monitor_app system_file:file { execute }; -# b/264489520 -userdebug_or_eng(` - permissive con_monitor_app; -') -# b/267843291 -dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te deleted file mode 100644 index 3313642..0000000 --- a/tracking_denials/dumpstate.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/277155496 -dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te deleted file mode 100644 index 4428b68..0000000 --- a/tracking_denials/fastbootd.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489957 -userdebug_or_eng(` - permissive fastbootd; -') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te deleted file mode 100644 index 601c2bb..0000000 --- a/tracking_denials/hal_sensors_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/267260619 -dontaudit hal_sensors_default dumpstate:fd { use }; -dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te deleted file mode 100644 index 08db477..0000000 --- a/tracking_denials/hal_usb_impl.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/267261163 -dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te deleted file mode 100644 index 4bd4489..0000000 --- a/tracking_denials/incidentd.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/261933310 -dontaudit incidentd debugfs_wakeup_sources:file { open }; -dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te deleted file mode 100644 index 23d091b..0000000 --- a/tracking_denials/kernel.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/262794429 -dontaudit kernel sepolicy_file:file { getattr }; -dontaudit kernel system_bootstrap_lib_file:dir { getattr }; -dontaudit kernel system_bootstrap_lib_file:file { getattr }; -dontaudit kernel system_dlkm_file:dir { getattr }; -# b/263185161 -dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te deleted file mode 100644 index d1c8b73..0000000 --- a/tracking_denials/ssr_detector_app.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/261651131 -dontaudit ssr_detector_app system_app_data_file:file { open }; -# b/264489567 -userdebug_or_eng(` - permissive ssr_detector_app; -') \ No newline at end of file diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te deleted file mode 100644 index 0de59ee..0000000 --- a/tracking_denials/update_engine.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/267261048 -dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te deleted file mode 100644 index abfba26..0000000 --- a/tracking_denials/vendor_init.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/260366195 -dontaudit vendor_init debugfs_trace_marker:file { getattr }; -dontaudit vendor_init vendor_init:capability2 { block_suspend }; diff --git a/vendor/chre.te b/vendor/chre.te index 7c0ad8f..ed15009 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -1,20 +1,4 @@ -type chre, domain; -type chre_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(chre) - -# Permit communication with AoC -allow chre aoc_device:chr_file rw_file_perms; - -# Allow CHRE to determine AoC's current clock -allow chre sysfs_aoc:dir search; -allow chre sysfs_aoc_boottime:file r_file_perms; - -# Allow CHRE to create thread to watch AOC's device -allow chre device:dir r_dir_perms; - # Allow CHRE to write to data to chre data directory allow chre chre_data_file:dir create_dir_perms; allow chre chre_data_file:file create_file_perms; -# Allow CHRE to use WakeLock -wakelock_use(chre) diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te deleted file mode 100644 index 814c5e8..0000000 --- a/vendor/con_monitor_app.te +++ /dev/null @@ -1,3 +0,0 @@ -# ConnectivityMonitor app -type con_monitor_app, domain; -app_domain(con_monitor_app); diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te deleted file mode 100644 index 44859fe..0000000 --- a/vendor/debug_camera_app.te +++ /dev/null @@ -1,9 +0,0 @@ -userdebug_or_eng(` - # Allows GCA-Eng & GCA-Next access the GXP device and properties. - allow debug_camera_app gxp_device:chr_file rw_file_perms; - get_prop(debug_camera_app, vendor_gxp_prop) - - # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. - allow debug_camera_app edgetpu_app_service:service_manager find; - allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; -') diff --git a/vendor/device.te b/vendor/device.te index 044da91..ca6c3ca 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,22 +1,3 @@ -type persist_block_device, dev_type; -type tee_persist_block_device, dev_type; -type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; -type mfg_data_block_device, dev_type; -type ufs_internal_block_device, dev_type; -type logbuffer_device, dev_type; -type fingerprint_device, dev_type; -type uci_device, dev_type; - # Dmabuf heaps -type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; -type faceauth_heap_device, dmabuf_heap_device_type, dev_type; -type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; -type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; -# SecureElement SPI device -type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; diff --git a/vendor/file.te b/vendor/file.te index b97b93d..fbeb901 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,54 +1,5 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; - -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type sensor_reg_data_file, file_type, data_file_type; -type chre_data_file, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; - -# GSA -type sysfs_gsa_log, sysfs_type, fs_type; - # Faceauth type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; + +# Data +type chre_data_file, file_type, data_file_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index f59fcdd..36e396a 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,32 +1,5 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +# Vendor +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -34,109 +7,18 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 -# Vendor libraries - -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 - -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 - # Devices -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/goodix_fp u:object_r:fingerprint_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 @@ -144,67 +26,14 @@ /dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 /dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 1457d67..a4c9852 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,542 +1,53 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - -# Gxp -genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 - # debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 -# Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - # Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 # Faceauth genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te deleted file mode 100644 index fd19c05..0000000 --- a/vendor/google_camera_app.te +++ /dev/null @@ -1,7 +0,0 @@ -# Allows GCA to acccess the GXP device & properties. -allow google_camera_app gxp_device:chr_file rw_file_perms; -get_prop(google_camera_app, vendor_gxp_prop) - -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index b624db1..08cd256 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -1,6 +1,2 @@ -allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; + diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te index c57ef34..033042b 100644 --- a/vendor/hal_health_default.te +++ b/vendor/hal_health_default.te @@ -1,16 +1 @@ -allow hal_health_default mnt_vendor_file:dir search; -allow hal_health_default persist_file:dir search; -allow hal_health_default persist_battery_file:file create_file_perms; -allow hal_health_default persist_battery_file:dir rw_dir_perms; - -set_prop(hal_health_default, vendor_battery_defender_prop) -set_prop(hal_health_default, vendor_shutdown_prop) - -allow hal_health_default fwk_stats_service:service_manager find; - -# Access to /sys/devices/platform/13200000.ufs/* -allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; - -allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file rw_file_perms; diff --git a/vendor/kernel.te b/vendor/kernel.te deleted file mode 100644 index 0f2e18e..0000000 --- a/vendor/kernel.te +++ /dev/null @@ -1,15 +0,0 @@ -allow kernel vendor_fw_file:dir search; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -allow kernel vendor_regmap_debugfs:dir search; diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te deleted file mode 100644 index e9c8d78..0000000 --- a/vendor/pixeldisplayservice_app.te +++ /dev/null @@ -1,2 +0,0 @@ -allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; -binder_call(pixeldisplayservice_app, hal_graphics_composer_default) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 192616b..14824fc 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,28 +1,5 @@ -# Batery history -allow pixelstats_vendor battery_history_device:chr_file r_file_perms; - -# BCL -allow pixelstats_vendor sysfs_bcl:dir search; -allow pixelstats_vendor sysfs_bcl:file r_file_perms; -allow pixelstats_vendor mitigation_vendor_data_file:dir search; -allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; -get_prop(pixelstats_vendor, vendor_brownout_reason_prop); - #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; -# Wireless charge -allow pixelstats_vendor sysfs_wlc:dir search; -allow pixelstats_vendor sysfs_wlc:file rw_file_perms; - -# PCIe Link Statistics -allow pixelstats_vendor sysfs_pcie:dir search; -allow pixelstats_vendor sysfs_pcie:file rw_file_perms; - -allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; - -#Thermal -r_dir_file(pixelstats_vendor, sysfs_thermal) -allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts deleted file mode 100644 index ed23ae5..0000000 --- a/vendor/seapp_contexts +++ /dev/null @@ -1,15 +0,0 @@ -# Domain for EuiccSupportPixel -user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all - -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - -# Qorvo UWB system app -# TODO(b/222204912): Should this run under uwb user? -user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all - -# CccDkTimeSyncService -user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index f202935..66c4d34 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -17,8 +17,15 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/pr BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats # To be reviewed and removed. -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/whitechapel_pro +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/private +SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/public +SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/private +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/vendor +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio +PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio/private +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/tracking_denials +PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/public PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private - From 5e2e8df6e9d53176105757386f0d532f25cf2994 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 23 Aug 2023 16:16:36 +0800 Subject: [PATCH 042/321] Remove camera duplicate config Bug: 296187211 Test: make selinux_policy Merged-In: I030b4f5c59383478355ac2cee8363f45c8101041 Change-Id: I105f5b282c29874b4fb6595fc808f5ae033e75d3 --- legacy/vendor/debug_camera_app.te | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te index 37a19ec..16fb321 100644 --- a/legacy/vendor/debug_camera_app.te +++ b/legacy/vendor/debug_camera_app.te @@ -1,14 +1,5 @@ userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; @@ -18,9 +9,6 @@ userdebug_or_eng(` allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) - # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; ') From dbe23f1ab50b15c4be90707b5491f7065a26f478 Mon Sep 17 00:00:00 2001 From: Vania Januar Date: Wed, 23 Aug 2023 12:49:55 +0000 Subject: [PATCH 043/321] Revert "Revert^2 commit 2c99c990d366898f9766533c3cdf3858b7e2a70b"" This reverts commit 9bd666007d59b2fa9654eca74c204dd60f26cd9c. Reason for revert: build break b/297170337 Change-Id: I2459b680bb3153d3d7e0f17761b4a825da942bcc --- legacy/OWNERS | 3 - .../system_ext/private/property_contexts | 2 - legacy/legacy/system_ext/public/property.te | 2 - legacy/legacy/whitechapel_pro/keys.conf | 5 - legacy/{legacy => }/private/property_contexts | 0 legacy/radio/keys.conf | 3 - legacy/radio/radio.te | 8 - legacy/radio/rild.te | 42 -- legacy/system_ext/private/property_contexts | 2 + legacy/system_ext/private/seapp_contexts | 0 legacy/system_ext/private/systemui_app.te | 20 - legacy/system_ext/public/property.te | 6 +- legacy/system_ext/public/systemui_app.te | 0 legacy/tracking_denials/README.txt | 2 - legacy/tracking_denials/bug_map | 10 - legacy/tracking_denials/kernel.te | 2 - legacy/vendor/certs/app.x509.pem | 27 - legacy/vendor/certs/camera_eng.x509.pem | 17 - legacy/vendor/certs/camera_fishfood.x509.pem | 15 - ...ogle_android_apps_camera_services.x509.pem | 30 - legacy/vendor/chre.te | 16 - legacy/vendor/con_monitor_app.te | 12 - legacy/vendor/device.te | 29 - .../disable-contaminant-detection-sh.te | 7 - legacy/vendor/dump_cma.te | 7 - legacy/vendor/fastbootd.te | 6 - legacy/vendor/file.te | 57 -- legacy/vendor/file_contexts | 181 ------ legacy/vendor/genfs_contexts | 501 ---------------- legacy/vendor/google_camera_app.te | 23 - legacy/vendor/gxp_logging.te | 22 - .../vendor/hal_graphics_allocator_default.te | 6 - legacy/vendor/hal_health_default.te | 16 - legacy/vendor/kernel.te | 24 - legacy/vendor/pixeldisplayservice_app.te | 11 - legacy/vendor/pixelstats_vendor.te | 35 -- legacy/vendor/seapp_contexts | 31 - .../{legacy => }/whitechapel_pro/attributes | 0 .../certs/EuiccSupportPixel.x509.pem | 0 .../certs/com_qorvo_uwb.x509.pem | 0 legacy/{legacy => }/whitechapel_pro/device.te | 3 + legacy/{legacy => }/whitechapel_pro/file.te | 3 + .../whitechapel_pro/file_contexts | 5 + .../whitechapel_pro/genfs_contexts | 0 .../hal_input_processor_default.te | 0 legacy/whitechapel_pro/keys.conf | 5 + .../whitechapel_pro/mac_permissions.xml | 0 .../{legacy => }/whitechapel_pro/property.te | 0 .../whitechapel_pro/property_contexts | 0 .../{legacy => }/whitechapel_pro/service.te | 0 .../whitechapel_pro/service_contexts | 0 legacy/{legacy => }/whitechapel_pro/te_macros | 0 .../whitechapel_pro/vndservice.te | 0 .../whitechapel_pro/vndservice_contexts | 0 {legacy/private => private}/vendor_init.te | 0 {legacy/radio => radio}/bipchmgr.te | 0 .../radio => radio}/cat_engine_service_app.te | 0 {legacy/radio => radio}/cbd.te | 0 {legacy/radio => radio}/cbrs_setup.te | 0 .../certs/com_google_mds.x509.pem | 0 {legacy/radio => radio}/device.te | 0 {legacy/radio => radio}/dmd.te | 0 {legacy/radio => radio}/file.te | 0 {legacy/radio => radio}/file_contexts | 0 {legacy/radio => radio}/fsck.te | 0 {legacy/radio => radio}/genfs_contexts | 5 +- {legacy/radio => radio}/gpsd.te | 0 {legacy/radio => radio}/grilservice_app.te | 1 - .../radio => radio}/hal_radioext_default.te | 1 - {legacy/radio => radio}/hwservice.te | 0 {legacy/radio => radio}/hwservice_contexts | 0 {legacy/radio => radio}/hwservicemanager.te | 0 {legacy/radio => radio}/init.te | 0 {legacy/radio => radio}/init_radio.te | 0 radio/keys.conf | 3 + {legacy/radio => radio}/logger_app.te | 3 - {legacy/radio => radio}/mac_permissions.xml | 0 .../radio => radio}/modem_diagnostic_app.te | 0 .../radio => radio}/modem_logging_control.te | 0 {legacy/radio => radio}/modem_ml_svc_sit.te | 0 {legacy/radio => radio}/modem_svc_sit.te | 0 {legacy/radio => radio}/oemrilservice_app.te | 0 {legacy/radio => radio}/private/radio.te | 0 .../radio => radio}/private/service_contexts | 0 {legacy/radio => radio}/property.te | 0 {legacy/radio => radio}/property_contexts | 0 radio/radio.te | 6 + {legacy/radio => radio}/rfsd.te | 0 {legacy/radio => radio}/sced.te | 0 {legacy/radio => radio}/seapp_contexts | 0 {legacy/radio => radio}/ssr_detector.te | 0 {legacy/radio => radio}/vcd.te | 0 .../vendor_engineermode_app.te | 0 {legacy/radio => radio}/vendor_ims_app.te | 0 .../radio => radio}/vendor_ims_remote_app.te | 0 {legacy/radio => radio}/vendor_init.te | 0 .../vendor_qualifiednetworks_app.te | 0 {legacy/radio => radio}/vendor_rcs_app.te | 0 .../radio => radio}/vendor_rcs_service_app.te | 0 .../vendor_silentlogging_remote_app.te | 0 .../vendor_telephony_debug_app.te | 0 .../vendor_telephony_silentlogging_app.te | 0 .../vendor_telephony_test_app.te | 0 {legacy/radio => radio}/vold.te | 0 .../private/platform_app.te | 0 tracking_denials/con_monitor_app.te | 36 ++ tracking_denials/dumpstate.te | 2 + tracking_denials/fastbootd.te | 4 + tracking_denials/hal_sensors_default.te | 3 + tracking_denials/hal_usb_impl.te | 2 + tracking_denials/incidentd.te | 3 + tracking_denials/kernel.te | 7 + .../rebalance_interrupts_vendor.te | 0 tracking_denials/ssr_detector_app.te | 6 + tracking_denials/update_engine.te | 2 + tracking_denials/vendor_init.te | 3 + {legacy/vendor => vendor}/audioserver.te | 0 {legacy/vendor => vendor}/bootanim.te | 0 .../vendor => vendor}/cccdk_timesync_app.te | 3 +- {legacy/vendor => vendor}/charger_vendor.te | 0 vendor/chre.te | 16 + vendor/con_monitor_app.te | 3 + {legacy/vendor => vendor}/debug_camera_app.te | 5 - vendor/device.te | 19 + {legacy/vendor => vendor}/domain.te | 0 {legacy/vendor => vendor}/dump_gsa.te | 0 {legacy/vendor => vendor}/dump_power.te | 0 {legacy/vendor => vendor}/dump_wlan.te | 0 {legacy/vendor => vendor}/dumpstate.te | 0 {legacy/vendor => vendor}/e2fs.te | 0 {legacy/vendor => vendor}/euiccpixel_app.te | 0 vendor/file.te | 53 +- vendor/file_contexts | 179 +++++- {legacy/vendor => vendor}/fsck.te | 0 vendor/genfs_contexts | 555 ++++++++++++++++-- vendor/google_camera_app.te | 7 + .../hal_bluetooth_btlinux.te | 0 .../vendor => vendor}/hal_bootctl_default.te | 4 - .../vendor => vendor}/hal_camera_default.te | 10 - .../hal_contexthub_default.te | 0 .../hal_fingerprint_default.te | 4 - vendor/hal_graphics_allocator_default.te | 6 +- .../hal_graphics_composer_default.te | 0 vendor/hal_health_default.te | 15 + .../vendor => vendor}/hal_memtrack_default.te | 0 {legacy/vendor => vendor}/hal_nfc_default.te | 0 .../vendor => vendor}/hal_power_default.te | 4 +- .../hal_power_stats_default.te | 1 - .../vendor => vendor}/hal_radioext_default.te | 0 .../hal_secure_element_st54spi_aidl.te | 0 .../hal_secure_element_uicc.te | 0 .../vendor => vendor}/hal_sensors_default.te | 6 - .../vendor => vendor}/hal_thermal_default.te | 0 .../vendor => vendor}/hal_usb_gadget_impl.te | 0 {legacy/vendor => vendor}/hal_usb_impl.te | 1 - .../hal_uwb_vendor_default.te | 4 - {legacy/vendor => vendor}/hal_wifi_ext.te | 0 .../vendor => vendor}/hal_wireless_charger.te | 0 {legacy/vendor => vendor}/hwservice.te | 0 {legacy/vendor => vendor}/hwservice_contexts | 0 {legacy/vendor => vendor}/init.te | 0 {legacy/vendor => vendor}/insmod-sh.te | 0 {legacy/vendor => vendor}/installd.te | 0 vendor/kernel.te | 15 + {legacy/vendor => vendor}/logd.te | 0 {legacy/vendor => vendor}/mac_permissions.xml | 0 .../vendor => vendor}/mediacodec_google.te | 1 - vendor/pixeldisplayservice_app.te | 2 + vendor/pixelstats_vendor.te | 23 + {legacy/vendor => vendor}/platform_app.te | 0 {legacy/vendor => vendor}/property.te | 6 - {legacy/vendor => vendor}/property_contexts | 7 - {legacy/vendor => vendor}/ramdump_app.te | 0 {legacy/vendor => vendor}/recovery.te | 0 {legacy/vendor => vendor}/rlsservice.te | 0 vendor/seapp_contexts | 15 + {legacy/vendor => vendor}/service.te | 0 {legacy/vendor => vendor}/service_contexts | 0 {legacy/vendor => vendor}/shell.te | 0 {legacy/vendor => vendor}/surfaceflinger.te | 0 {legacy/vendor => vendor}/system_app.te | 0 {legacy/vendor => vendor}/system_server.te | 1 - {legacy/vendor => vendor}/systemui_app.te | 0 {legacy/vendor => vendor}/tcpdump_logger.te | 0 {legacy/vendor => vendor}/tee.te | 0 {legacy/vendor => vendor}/toolbox.te | 0 {legacy/vendor => vendor}/trusty_apploader.te | 0 {legacy/vendor => vendor}/trusty_metricsd.te | 0 {legacy/vendor => vendor}/twoshay.te | 0 .../vendor => vendor}/ufs_firmware_update.te | 0 {legacy/vendor => vendor}/update_engine.te | 1 + {legacy/vendor => vendor}/uwb_vendor_app.te | 0 {legacy/vendor => vendor}/vendor_init.te | 12 +- {legacy/vendor => vendor}/vendor_uwb_init.te | 3 - {legacy/vendor => vendor}/vndservice.te | 0 {legacy/vendor => vendor}/vndservice_contexts | 0 {legacy/vendor => vendor}/wifi_sniffer.te | 0 {legacy/widevine => widevine}/file.te | 0 {legacy/widevine => widevine}/file_contexts | 0 .../widevine => widevine}/hal_drm_clearkey.te | 0 .../widevine => widevine}/hal_drm_widevine.te | 0 .../widevine => widevine}/service_contexts | 0 zumapro-sepolicy.mk | 11 +- 203 files changed, 975 insertions(+), 1300 deletions(-) delete mode 100644 legacy/OWNERS delete mode 100644 legacy/legacy/system_ext/private/property_contexts delete mode 100644 legacy/legacy/system_ext/public/property.te delete mode 100644 legacy/legacy/whitechapel_pro/keys.conf rename legacy/{legacy => }/private/property_contexts (100%) delete mode 100644 legacy/radio/keys.conf delete mode 100644 legacy/radio/radio.te delete mode 100644 legacy/radio/rild.te delete mode 100644 legacy/system_ext/private/seapp_contexts delete mode 100644 legacy/system_ext/private/systemui_app.te delete mode 100644 legacy/system_ext/public/systemui_app.te delete mode 100644 legacy/tracking_denials/README.txt delete mode 100644 legacy/tracking_denials/bug_map delete mode 100644 legacy/tracking_denials/kernel.te delete mode 100644 legacy/vendor/certs/app.x509.pem delete mode 100644 legacy/vendor/certs/camera_eng.x509.pem delete mode 100644 legacy/vendor/certs/camera_fishfood.x509.pem delete mode 100644 legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem delete mode 100644 legacy/vendor/chre.te delete mode 100644 legacy/vendor/con_monitor_app.te delete mode 100644 legacy/vendor/device.te delete mode 100644 legacy/vendor/disable-contaminant-detection-sh.te delete mode 100644 legacy/vendor/dump_cma.te delete mode 100644 legacy/vendor/fastbootd.te delete mode 100644 legacy/vendor/file.te delete mode 100644 legacy/vendor/file_contexts delete mode 100644 legacy/vendor/genfs_contexts delete mode 100644 legacy/vendor/google_camera_app.te delete mode 100644 legacy/vendor/gxp_logging.te delete mode 100644 legacy/vendor/hal_graphics_allocator_default.te delete mode 100644 legacy/vendor/hal_health_default.te delete mode 100644 legacy/vendor/kernel.te delete mode 100644 legacy/vendor/pixeldisplayservice_app.te delete mode 100644 legacy/vendor/pixelstats_vendor.te delete mode 100644 legacy/vendor/seapp_contexts rename legacy/{legacy => }/whitechapel_pro/attributes (100%) rename legacy/{legacy => }/whitechapel_pro/certs/EuiccSupportPixel.x509.pem (100%) rename legacy/{legacy => }/whitechapel_pro/certs/com_qorvo_uwb.x509.pem (100%) rename legacy/{legacy => }/whitechapel_pro/device.te (70%) rename legacy/{legacy => }/whitechapel_pro/file.te (82%) rename legacy/{legacy => }/whitechapel_pro/file_contexts (93%) rename legacy/{legacy => }/whitechapel_pro/genfs_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/hal_input_processor_default.te (100%) create mode 100644 legacy/whitechapel_pro/keys.conf rename legacy/{legacy => }/whitechapel_pro/mac_permissions.xml (100%) rename legacy/{legacy => }/whitechapel_pro/property.te (100%) rename legacy/{legacy => }/whitechapel_pro/property_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/service.te (100%) rename legacy/{legacy => }/whitechapel_pro/service_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/te_macros (100%) rename legacy/{legacy => }/whitechapel_pro/vndservice.te (100%) rename legacy/{legacy => }/whitechapel_pro/vndservice_contexts (100%) rename {legacy/private => private}/vendor_init.te (100%) rename {legacy/radio => radio}/bipchmgr.te (100%) rename {legacy/radio => radio}/cat_engine_service_app.te (100%) rename {legacy/radio => radio}/cbd.te (100%) rename {legacy/radio => radio}/cbrs_setup.te (100%) rename {legacy/radio => radio}/certs/com_google_mds.x509.pem (100%) rename {legacy/radio => radio}/device.te (100%) rename {legacy/radio => radio}/dmd.te (100%) rename {legacy/radio => radio}/file.te (100%) rename {legacy/radio => radio}/file_contexts (100%) rename {legacy/radio => radio}/fsck.te (100%) rename {legacy/radio => radio}/genfs_contexts (63%) rename {legacy/radio => radio}/gpsd.te (100%) rename {legacy/radio => radio}/grilservice_app.te (92%) rename {legacy/radio => radio}/hal_radioext_default.te (92%) rename {legacy/radio => radio}/hwservice.te (100%) rename {legacy/radio => radio}/hwservice_contexts (100%) rename {legacy/radio => radio}/hwservicemanager.te (100%) rename {legacy/radio => radio}/init.te (100%) rename {legacy/radio => radio}/init_radio.te (100%) create mode 100644 radio/keys.conf rename {legacy/radio => radio}/logger_app.te (91%) rename {legacy/radio => radio}/mac_permissions.xml (100%) rename {legacy/radio => radio}/modem_diagnostic_app.te (100%) rename {legacy/radio => radio}/modem_logging_control.te (100%) rename {legacy/radio => radio}/modem_ml_svc_sit.te (100%) rename {legacy/radio => radio}/modem_svc_sit.te (100%) rename {legacy/radio => radio}/oemrilservice_app.te (100%) rename {legacy/radio => radio}/private/radio.te (100%) rename {legacy/radio => radio}/private/service_contexts (100%) rename {legacy/radio => radio}/property.te (100%) rename {legacy/radio => radio}/property_contexts (100%) rename {legacy/radio => radio}/rfsd.te (100%) rename {legacy/radio => radio}/sced.te (100%) rename {legacy/radio => radio}/seapp_contexts (100%) rename {legacy/radio => radio}/ssr_detector.te (100%) rename {legacy/radio => radio}/vcd.te (100%) rename {legacy/radio => radio}/vendor_engineermode_app.te (100%) rename {legacy/radio => radio}/vendor_ims_app.te (100%) rename {legacy/radio => radio}/vendor_ims_remote_app.te (100%) rename {legacy/radio => radio}/vendor_init.te (100%) rename {legacy/radio => radio}/vendor_qualifiednetworks_app.te (100%) rename {legacy/radio => radio}/vendor_rcs_app.te (100%) rename {legacy/radio => radio}/vendor_rcs_service_app.te (100%) rename {legacy/radio => radio}/vendor_silentlogging_remote_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_debug_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_silentlogging_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_test_app.te (100%) rename {legacy/radio => radio}/vold.te (100%) rename {legacy/system_ext => system_ext}/private/platform_app.te (100%) create mode 100644 tracking_denials/con_monitor_app.te create mode 100644 tracking_denials/dumpstate.te create mode 100644 tracking_denials/fastbootd.te create mode 100644 tracking_denials/hal_sensors_default.te create mode 100644 tracking_denials/hal_usb_impl.te create mode 100644 tracking_denials/incidentd.te create mode 100644 tracking_denials/kernel.te rename {legacy/tracking_denials => tracking_denials}/rebalance_interrupts_vendor.te (100%) create mode 100644 tracking_denials/ssr_detector_app.te create mode 100644 tracking_denials/update_engine.te create mode 100644 tracking_denials/vendor_init.te rename {legacy/vendor => vendor}/audioserver.te (100%) rename {legacy/vendor => vendor}/bootanim.te (100%) rename {legacy/vendor => vendor}/cccdk_timesync_app.te (77%) rename {legacy/vendor => vendor}/charger_vendor.te (100%) create mode 100644 vendor/con_monitor_app.te rename {legacy/vendor => vendor}/debug_camera_app.te (75%) rename {legacy/vendor => vendor}/domain.te (100%) rename {legacy/vendor => vendor}/dump_gsa.te (100%) rename {legacy/vendor => vendor}/dump_power.te (100%) rename {legacy/vendor => vendor}/dump_wlan.te (100%) rename {legacy/vendor => vendor}/dumpstate.te (100%) rename {legacy/vendor => vendor}/e2fs.te (100%) rename {legacy/vendor => vendor}/euiccpixel_app.te (100%) rename {legacy/vendor => vendor}/fsck.te (100%) create mode 100644 vendor/google_camera_app.te rename {legacy/vendor => vendor}/hal_bluetooth_btlinux.te (100%) rename {legacy/vendor => vendor}/hal_bootctl_default.te (77%) rename {legacy/vendor => vendor}/hal_camera_default.te (91%) rename {legacy/vendor => vendor}/hal_contexthub_default.te (100%) rename {legacy/vendor => vendor}/hal_fingerprint_default.te (91%) rename {legacy/vendor => vendor}/hal_graphics_composer_default.te (100%) rename {legacy/vendor => vendor}/hal_memtrack_default.te (100%) rename {legacy/vendor => vendor}/hal_nfc_default.te (100%) rename {legacy/vendor => vendor}/hal_power_default.te (66%) rename {legacy/vendor => vendor}/hal_power_stats_default.te (94%) rename {legacy/vendor => vendor}/hal_radioext_default.te (100%) rename {legacy/vendor => vendor}/hal_secure_element_st54spi_aidl.te (100%) rename {legacy/vendor => vendor}/hal_secure_element_uicc.te (100%) rename {legacy/vendor => vendor}/hal_sensors_default.te (91%) rename {legacy/vendor => vendor}/hal_thermal_default.te (100%) rename {legacy/vendor => vendor}/hal_usb_gadget_impl.te (100%) rename {legacy/vendor => vendor}/hal_usb_impl.te (93%) rename {legacy/vendor => vendor}/hal_uwb_vendor_default.te (54%) rename {legacy/vendor => vendor}/hal_wifi_ext.te (100%) rename {legacy/vendor => vendor}/hal_wireless_charger.te (100%) rename {legacy/vendor => vendor}/hwservice.te (100%) rename {legacy/vendor => vendor}/hwservice_contexts (100%) rename {legacy/vendor => vendor}/init.te (100%) rename {legacy/vendor => vendor}/insmod-sh.te (100%) rename {legacy/vendor => vendor}/installd.te (100%) create mode 100644 vendor/kernel.te rename {legacy/vendor => vendor}/logd.te (100%) rename {legacy/vendor => vendor}/mac_permissions.xml (100%) rename {legacy/vendor => vendor}/mediacodec_google.te (95%) create mode 100644 vendor/pixeldisplayservice_app.te rename {legacy/vendor => vendor}/platform_app.te (100%) rename {legacy/vendor => vendor}/property.te (75%) rename {legacy/vendor => vendor}/property_contexts (78%) rename {legacy/vendor => vendor}/ramdump_app.te (100%) rename {legacy/vendor => vendor}/recovery.te (100%) rename {legacy/vendor => vendor}/rlsservice.te (100%) create mode 100644 vendor/seapp_contexts rename {legacy/vendor => vendor}/service.te (100%) rename {legacy/vendor => vendor}/service_contexts (100%) rename {legacy/vendor => vendor}/shell.te (100%) rename {legacy/vendor => vendor}/surfaceflinger.te (100%) rename {legacy/vendor => vendor}/system_app.te (100%) rename {legacy/vendor => vendor}/system_server.te (82%) rename {legacy/vendor => vendor}/systemui_app.te (100%) rename {legacy/vendor => vendor}/tcpdump_logger.te (100%) rename {legacy/vendor => vendor}/tee.te (100%) rename {legacy/vendor => vendor}/toolbox.te (100%) rename {legacy/vendor => vendor}/trusty_apploader.te (100%) rename {legacy/vendor => vendor}/trusty_metricsd.te (100%) rename {legacy/vendor => vendor}/twoshay.te (100%) rename {legacy/vendor => vendor}/ufs_firmware_update.te (100%) rename {legacy/vendor => vendor}/update_engine.te (74%) rename {legacy/vendor => vendor}/uwb_vendor_app.te (100%) rename {legacy/vendor => vendor}/vendor_init.te (84%) rename {legacy/vendor => vendor}/vendor_uwb_init.te (53%) rename {legacy/vendor => vendor}/vndservice.te (100%) rename {legacy/vendor => vendor}/vndservice_contexts (100%) rename {legacy/vendor => vendor}/wifi_sniffer.te (100%) rename {legacy/widevine => widevine}/file.te (100%) rename {legacy/widevine => widevine}/file_contexts (100%) rename {legacy/widevine => widevine}/hal_drm_clearkey.te (100%) rename {legacy/widevine => widevine}/hal_drm_widevine.te (100%) rename {legacy/widevine => widevine}/service_contexts (100%) diff --git a/legacy/OWNERS b/legacy/OWNERS deleted file mode 100644 index 791abb4..0000000 --- a/legacy/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -include platform/system/sepolicy:/OWNERS - -rurumihong@google.com diff --git a/legacy/legacy/system_ext/private/property_contexts b/legacy/legacy/system_ext/private/property_contexts deleted file mode 100644 index 9f462bd..0000000 --- a/legacy/legacy/system_ext/private/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/legacy/system_ext/public/property.te b/legacy/legacy/system_ext/public/property.te deleted file mode 100644 index 8908e48..0000000 --- a/legacy/legacy/system_ext/public/property.te +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/legacy/whitechapel_pro/keys.conf b/legacy/legacy/whitechapel_pro/keys.conf deleted file mode 100644 index acc82e4..0000000 --- a/legacy/legacy/whitechapel_pro/keys.conf +++ /dev/null @@ -1,5 +0,0 @@ -[@UWB] -ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem - -[@EUICCSUPPORTPIXEL] -ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/private/property_contexts b/legacy/private/property_contexts similarity index 100% rename from legacy/legacy/private/property_contexts rename to legacy/private/property_contexts diff --git a/legacy/radio/keys.conf b/legacy/radio/keys.conf deleted file mode 100644 index 4784c60..0000000 --- a/legacy/radio/keys.conf +++ /dev/null @@ -1,3 +0,0 @@ -[@MDS] -ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem - diff --git a/legacy/radio/radio.te b/legacy/radio/radio.te deleted file mode 100644 index 221c812..0000000 --- a/legacy/radio/radio.te +++ /dev/null @@ -1,8 +0,0 @@ -set_prop(radio, telephony_ril_prop) - -allow radio radio_vendor_data_file:dir rw_dir_perms; -allow radio radio_vendor_data_file:file create_file_perms; -allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; -allow radio aoc_device:chr_file rw_file_perms; -allow radio hal_audio_ext_hwservice:hwservice_manager find; -binder_call(radio, hal_audio_default) diff --git a/legacy/radio/rild.te b/legacy/radio/rild.te deleted file mode 100644 index 3a2bac7..0000000 --- a/legacy/radio/rild.te +++ /dev/null @@ -1,42 +0,0 @@ -set_prop(rild, vendor_rild_prop) -set_prop(rild, vendor_modem_prop) -get_prop(rild, vendor_persist_config_default_prop) -get_prop(rild, vendor_carrier_prop) - -get_prop(rild, sota_prop) -get_prop(rild, system_boot_reason_prop) - -set_prop(rild, telephony_ril_prop) - -allow rild proc_net:file rw_file_perms; -allow rild radio_vendor_data_file:dir create_dir_perms; -allow rild radio_vendor_data_file:file create_file_perms; -allow rild rild_vendor_data_file:dir create_dir_perms; -allow rild rild_vendor_data_file:file create_file_perms; -allow rild vendor_fw_file:file r_file_perms; -allow rild mnt_vendor_file:dir r_dir_perms; - -r_dir_file(rild, modem_img_file) - -binder_call(rild, bipchmgr) -binder_call(rild, gpsd) -binder_call(rild, hal_audio_default) -binder_call(rild, modem_svc_sit) -binder_call(rild, vendor_ims_app) -binder_call(rild, vendor_rcs_app) -binder_call(rild, oemrilservice_app) -binder_call(rild, hal_secure_element_uicc) -binder_call(rild, grilservice_app) -binder_call(rild, vendor_engineermode_app) -binder_call(rild, vendor_telephony_debug_app) -binder_call(rild, logger_app) - -crash_dump_fallback(rild) - -# for hal service -add_hwservice(rild, hal_exynos_rild_hwservice) - -# Allow rild to access files on modem img. -allow rild modem_img_file:dir r_dir_perms; -allow rild modem_img_file:file r_file_perms; -allow rild modem_img_file:lnk_file r_file_perms; diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts index e69de29..9f462bd 100644 --- a/legacy/system_ext/private/property_contexts +++ b/legacy/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/private/seapp_contexts b/legacy/system_ext/private/seapp_contexts deleted file mode 100644 index e69de29..0000000 diff --git a/legacy/system_ext/private/systemui_app.te b/legacy/system_ext/private/systemui_app.te deleted file mode 100644 index 99f30ac..0000000 --- a/legacy/system_ext/private/systemui_app.te +++ /dev/null @@ -1,20 +0,0 @@ - -allow systemui_app app_api_service:service_manager find; -allow systemui_app network_score_service:service_manager find; -allow systemui_app overlay_service:service_manager find; -allow systemui_app color_display_service:service_manager find; -allow systemui_app audioserver_service:service_manager find; -allow systemui_app cameraserver_service:service_manager find; -allow systemui_app mediaserver_service:service_manager find; -allow systemui_app mediaextractor_service:service_manager find; -allow systemui_app mediametrics_service:service_manager find; -allow systemui_app radio_service:service_manager find; -allow systemui_app vr_manager_service:service_manager find; -allow systemui_app nfc_service:service_manager find; -allow systemui_app adb_service:service_manager find; -allow systemui_app statsmanager_service:service_manager find; - -get_prop(systemui_app, keyguard_config_prop) -set_prop(systemui_app, bootanim_system_prop) -get_prop(systemui_app, qemu_hw_prop) - diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te index 2b30a6a..8908e48 100644 --- a/legacy/system_ext/public/property.te +++ b/legacy/system_ext/public/property.te @@ -1,4 +1,2 @@ -# Telephony -userdebug_or_eng(` - set_prop(shell, telephony_ril_prop) -') +# Fingerprint (UDFPS) GHBM/LHBM toggle +system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/system_ext/public/systemui_app.te b/legacy/system_ext/public/systemui_app.te deleted file mode 100644 index e69de29..0000000 diff --git a/legacy/tracking_denials/README.txt b/legacy/tracking_denials/README.txt deleted file mode 100644 index 6cfc62d..0000000 --- a/legacy/tracking_denials/README.txt +++ /dev/null @@ -1,2 +0,0 @@ -This folder stores known errors detected by PTS. Be sure to remove relevant -files to reproduce error log on latest ROMs. diff --git a/legacy/tracking_denials/bug_map b/legacy/tracking_denials/bug_map deleted file mode 100644 index 74f2fbb..0000000 --- a/legacy/tracking_denials/bug_map +++ /dev/null @@ -1,10 +0,0 @@ -dump_gxp vendor_gxp_prop file b/287898138 -dumpstate app_zygote process b/288049050 -hal_uwb_default debugfs file b/288049522 -incidentd debugfs_wakeup_sources file b/288049561 -incidentd incidentd anon_inode b/288049561 -insmod-sh insmod-sh key b/274374722 -insmod-sh vendor_regmap_debugfs dir b/274727542 -mtectrl unlabeled dir b/264483752 -systemui_app wm_trace_data_file dir b/288049075 -vendor_init proc file b/289856761 diff --git a/legacy/tracking_denials/kernel.te b/legacy/tracking_denials/kernel.te deleted file mode 100644 index 41b91bd..0000000 --- a/legacy/tracking_denials/kernel.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/263185161 -dontaudit kernel kernel:capability { net_bind_service }; diff --git a/legacy/vendor/certs/app.x509.pem b/legacy/vendor/certs/app.x509.pem deleted file mode 100644 index 8e3e627..0000000 --- a/legacy/vendor/certs/app.x509.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE -AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G -A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI -hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR -24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy -xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X -W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC -69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA -cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw -HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c -xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE -CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH -QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG -CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP -zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla -XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a -IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a -ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW -Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs= ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_eng.x509.pem b/legacy/vendor/certs/camera_eng.x509.pem deleted file mode 100644 index 011a9ec..0000000 --- a/legacy/vendor/certs/camera_eng.x509.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx -EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw -NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE -ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO -OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR -+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb -+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg -UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX -TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj -rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB -TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK -pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY -DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG -ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 -rscXTxYEf4Tqovc= ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_fishfood.x509.pem b/legacy/vendor/certs/camera_fishfood.x509.pem deleted file mode 100644 index fb11572..0000000 --- a/legacy/vendor/certs/camera_fishfood.x509.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ -BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n -bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w -HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL -MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv -b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 -bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ -jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B -IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe -tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td -0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg -Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b -aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem deleted file mode 100644 index 7b8c5b2..0000000 --- a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw -CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU -MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n -bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz -MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N -b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G -A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP -1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR -UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5 -4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL -jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8 -pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0 -VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3 -A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO -sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV -eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO -nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI -hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5 -YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm -FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr -njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI -hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e -JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3 -IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA -V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H -r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F -DB17LhMLl0GxX9j1 ------END CERTIFICATE----- diff --git a/legacy/vendor/chre.te b/legacy/vendor/chre.te deleted file mode 100644 index a1d1ca5..0000000 --- a/legacy/vendor/chre.te +++ /dev/null @@ -1,16 +0,0 @@ -type chre, domain; -type chre_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(chre) - -# Permit communication with AoC -allow chre aoc_device:chr_file rw_file_perms; - -# Allow CHRE to determine AoC's current clock -allow chre sysfs_aoc:dir search; -allow chre sysfs_aoc_boottime:file r_file_perms; - -# Allow CHRE to create thread to watch AOC's device -allow chre device:dir r_dir_perms; - -# Allow CHRE to use WakeLock -wakelock_use(chre) diff --git a/legacy/vendor/con_monitor_app.te b/legacy/vendor/con_monitor_app.te deleted file mode 100644 index 7690191..0000000 --- a/legacy/vendor/con_monitor_app.te +++ /dev/null @@ -1,12 +0,0 @@ -# ConnectivityMonitor app -type con_monitor_app, domain; -app_domain(con_monitor_app); - -allow con_monitor_app app_api_service:service_manager find; -allow con_monitor_app batterystats_service:service_manager find; -allow con_monitor_app virtual_device_service:service_manager find; - -binder_call(con_monitor_app, system_server); -binder_call(con_monitor_app, servicemanager); - -set_prop(con_monitor_app, radio_prop); diff --git a/legacy/vendor/device.te b/legacy/vendor/device.te deleted file mode 100644 index f63086d..0000000 --- a/legacy/vendor/device.te +++ /dev/null @@ -1,29 +0,0 @@ -type persist_block_device, dev_type; -type tee_persist_block_device, dev_type; -type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; -type mfg_data_block_device, dev_type; -type ufs_internal_block_device, dev_type; -type logbuffer_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; -type hw_jpg_device, dev_type; -userdebug_or_eng(` - typeattribute hw_jpg_device mlstrustedobject; -') -type fingerprint_device, dev_type; -type uci_device, dev_type; - -# Dmabuf heaps -type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; -type faceauth_heap_device, dmabuf_heap_device_type, dev_type; -type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; -type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; - -# SecureElement SPI device -type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/vendor/disable-contaminant-detection-sh.te b/legacy/vendor/disable-contaminant-detection-sh.te deleted file mode 100644 index 95845a1..0000000 --- a/legacy/vendor/disable-contaminant-detection-sh.te +++ /dev/null @@ -1,7 +0,0 @@ -type disable-contaminant-detection-sh, domain; -type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(disable-contaminant-detection-sh) - -allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; -allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; -allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/legacy/vendor/dump_cma.te b/legacy/vendor/dump_cma.te deleted file mode 100644 index bf5edf2..0000000 --- a/legacy/vendor/dump_cma.te +++ /dev/null @@ -1,7 +0,0 @@ -pixel_bugreport(dump_cma) - -userdebug_or_eng(` - allow dump_cma vendor_toolbox_exec:file execute_no_trans; - allow dump_cma vendor_cma_debugfs:dir r_dir_perms; - allow dump_cma vendor_cma_debugfs:file r_file_perms; -') diff --git a/legacy/vendor/fastbootd.te b/legacy/vendor/fastbootd.te deleted file mode 100644 index c7f6a88..0000000 --- a/legacy/vendor/fastbootd.te +++ /dev/null @@ -1,6 +0,0 @@ -recovery_only(` - allow fastbootd devinfo_block_device:blk_file rw_file_perms; - allow fastbootd sda_block_device:blk_file rw_file_perms; - allow fastbootd sysfs_ota:file rw_file_perms; - allow fastbootd st54spi_device:chr_file rw_file_perms; -') diff --git a/legacy/vendor/file.te b/legacy/vendor/file.te deleted file mode 100644 index 357643a..0000000 --- a/legacy/vendor/file.te +++ /dev/null @@ -1,57 +0,0 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; -type persist_uwb_file, file_type, vendor_persist_type; - -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; -type sysfs_pca, sysfs_type, fs_type; -type sysfs_aoc_udfps, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; -type sysfs_gsa_log, sysfs_type, fs_type; - -# Gxp sysfs file -type sysfs_gxp, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type sensor_reg_data_file, file_type, data_file_type; -type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; -type uwb_data_vendor, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; -type sysfs_ospm, sysfs_type, fs_type; diff --git a/legacy/vendor/file_contexts b/legacy/vendor/file_contexts deleted file mode 100644 index 912e59d..0000000 --- a/legacy/vendor/file_contexts +++ /dev/null @@ -1,181 +0,0 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 -/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 -# Vendor libraries -/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 -/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/goodix_fp u:object_r:fingerprint_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpif u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-nautius u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 -/dev/video12 u:object_r:hw_jpg_device:s0 -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/vendor/genfs_contexts b/legacy/vendor/genfs_contexts deleted file mode 100644 index 809910b..0000000 --- a/legacy/vendor/genfs_contexts +++ /dev/null @@ -1,501 +0,0 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# OSPM -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - -# Gxp -genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 - -# debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 - -# Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - -# disable contaminant detection -genfscon sysfs /devices/platform/10cb0000.hsi2c u:object_r:sysfs_batteryinfo:s0 - -# Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/hint_power_on u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 diff --git a/legacy/vendor/google_camera_app.te b/legacy/vendor/google_camera_app.te deleted file mode 100644 index f9f5fa0..0000000 --- a/legacy/vendor/google_camera_app.te +++ /dev/null @@ -1,23 +0,0 @@ - -allow google_camera_app app_api_service:service_manager find; -allow google_camera_app audioserver_service:service_manager find; -allow google_camera_app cameraserver_service:service_manager find; -allow google_camera_app mediaextractor_service:service_manager find; -allow google_camera_app mediametrics_service:service_manager find; -allow google_camera_app mediaserver_service:service_manager find; - -# Allows GCA to acccess the GXP device. -allow google_camera_app gxp_device:chr_file rw_file_perms; - -# Allow GCA to access the GXP properies. -get_prop(google_camera_app, vendor_gxp_prop) - -# Allows GCA to access the PowerHAL. -hal_client_domain(google_camera_app, hal_power) - -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Library code may try to access vendor properties, but should be denied -dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/legacy/vendor/gxp_logging.te b/legacy/vendor/gxp_logging.te deleted file mode 100644 index fb78c53..0000000 --- a/legacy/vendor/gxp_logging.te +++ /dev/null @@ -1,22 +0,0 @@ -type gxp_logging, domain; -type gxp_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gxp_logging) - -# The logging service accesses /dev/gxp -allow gxp_logging gxp_device:chr_file rw_file_perms; - -# Allow logging service to access /sys/class/gxp -allow gxp_logging sysfs_gxp:dir search; -allow gxp_logging sysfs_gxp:file rw_file_perms; - -# Allow logging service to log to stats service for reporting metrics. -allow gxp_logging fwk_stats_service:service_manager find; -binder_call(gxp_logging, system_server); -binder_use(gxp_logging) - -# Allow logging service to read gxp properties. -get_prop(gxp_logging, vendor_gxp_prop) - -# Allow gxp tracing service to send packets to Perfetto -userdebug_or_eng(`perfetto_producer(gxp_logging)') - diff --git a/legacy/vendor/hal_graphics_allocator_default.te b/legacy/vendor/hal_graphics_allocator_default.te deleted file mode 100644 index b624db1..0000000 --- a/legacy/vendor/hal_graphics_allocator_default.te +++ /dev/null @@ -1,6 +0,0 @@ -allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; diff --git a/legacy/vendor/hal_health_default.te b/legacy/vendor/hal_health_default.te deleted file mode 100644 index 36e6cb1..0000000 --- a/legacy/vendor/hal_health_default.te +++ /dev/null @@ -1,16 +0,0 @@ -allow hal_health_default mnt_vendor_file:dir search; -allow hal_health_default persist_file:dir search; -allow hal_health_default persist_battery_file:file create_file_perms; -allow hal_health_default persist_battery_file:dir rw_dir_perms; - -set_prop(hal_health_default, vendor_battery_defender_prop) -set_prop(hal_health_default, vendor_shutdown_prop) - -allow hal_health_default fwk_stats_service:service_manager find; - -# Access to /sys/devices/platform/13200000.ufs/* -allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; - -allow hal_health_default sysfs_wlc:dir search; -allow hal_health_default sysfs_batteryinfo:file w_file_perms; diff --git a/legacy/vendor/kernel.te b/legacy/vendor/kernel.te deleted file mode 100644 index 28f140a..0000000 --- a/legacy/vendor/kernel.te +++ /dev/null @@ -1,24 +0,0 @@ -allow kernel vendor_fw_file:dir r_dir_perms; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -dontaudit kernel vendor_maxfg_debugfs:dir search; -dontaudit kernel sepolicy_file:file getattr; -dontaudit kernel system_bootstrap_lib_file:dir getattr; -dontaudit kernel system_bootstrap_lib_file:file getattr; -dontaudit kernel system_dlkm_file:dir getattr; -dontaudit kernel vendor_battery_debugfs:dir search; -dontaudit kernel vendor_charger_debugfs:dir search; - -allow kernel vendor_regmap_debugfs:dir search; - diff --git a/legacy/vendor/pixeldisplayservice_app.te b/legacy/vendor/pixeldisplayservice_app.te deleted file mode 100644 index 736f443..0000000 --- a/legacy/vendor/pixeldisplayservice_app.te +++ /dev/null @@ -1,11 +0,0 @@ - -allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; -allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; - -allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; -binder_call(pixeldisplayservice_app, hal_graphics_composer_default) - -# Standard system services -allow pixeldisplayservice_app app_api_service:service_manager find; - -allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/legacy/vendor/pixelstats_vendor.te b/legacy/vendor/pixelstats_vendor.te deleted file mode 100644 index f4f447a..0000000 --- a/legacy/vendor/pixelstats_vendor.te +++ /dev/null @@ -1,35 +0,0 @@ -# Battery history -allow pixelstats_vendor battery_history_device:chr_file r_file_perms; - -# BCL -allow pixelstats_vendor sysfs_bcl:dir search; -allow pixelstats_vendor sysfs_bcl:file r_file_perms; -allow pixelstats_vendor mitigation_vendor_data_file:dir search; -allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; -get_prop(pixelstats_vendor, vendor_brownout_reason_prop); - -#vendor-metrics -r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) -allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; -allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; - -# Wireless charge -allow pixelstats_vendor sysfs_wlc:dir search; -allow pixelstats_vendor sysfs_wlc:file rw_file_perms; - -# PCIe Link Statistics -allow pixelstats_vendor sysfs_pcie:dir search; -allow pixelstats_vendor sysfs_pcie:file rw_file_perms; - -allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; - -# Display -r_dir_file(pixelstats_vendor, sysfs_display) -allow pixelstats_vendor sysfs_display:lnk_file r_file_perms; - -#Thermal -r_dir_file(pixelstats_vendor, sysfs_thermal) -allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; - -# Pca charge -allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/legacy/vendor/seapp_contexts b/legacy/vendor/seapp_contexts deleted file mode 100644 index f994993..0000000 --- a/legacy/vendor/seapp_contexts +++ /dev/null @@ -1,31 +0,0 @@ -# Domain for EuiccSupportPixel -user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all - -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - -# PixelDisplayService -user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all - -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Google Camera Eng -user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera -user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Also label GoogleCameraNext, built with debug keys as debug_camera_app. -user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all - -# Qorvo UWB system app -# TODO(b/222204912): Should this run under uwb user? -user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all - -# CccDkTimeSyncService -user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - diff --git a/legacy/legacy/whitechapel_pro/attributes b/legacy/whitechapel_pro/attributes similarity index 100% rename from legacy/legacy/whitechapel_pro/attributes rename to legacy/whitechapel_pro/attributes diff --git a/legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem similarity index 100% rename from legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem rename to legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem similarity index 100% rename from legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem rename to legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem diff --git a/legacy/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te similarity index 70% rename from legacy/legacy/whitechapel_pro/device.te rename to legacy/whitechapel_pro/device.te index 7d31940..bf6f21c 100644 --- a/legacy/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -2,3 +2,6 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; + +# Raw HID device +type hidraw_device, dev_type; diff --git a/legacy/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te similarity index 82% rename from legacy/legacy/whitechapel_pro/file.te rename to legacy/whitechapel_pro/file.te index f59a80b..23d748b 100644 --- a/legacy/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -2,6 +2,8 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; @@ -17,6 +19,7 @@ type vendor_regmap_debugfs, fs_type, debugfs_type; # persist type persist_ss_file, file_type, vendor_persist_type; +type persist_uwb_file, file_type, vendor_persist_type; # Storage Health HAL type proc_f2fs, proc_type, fs_type; diff --git a/legacy/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts similarity index 93% rename from legacy/legacy/whitechapel_pro/file_contexts rename to legacy/whitechapel_pro/file_contexts index 3ee41cd..a9901c0 100644 --- a/legacy/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -41,8 +41,13 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 + +# Raw HID device +/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/genfs_contexts rename to legacy/whitechapel_pro/genfs_contexts diff --git a/legacy/legacy/whitechapel_pro/hal_input_processor_default.te b/legacy/whitechapel_pro/hal_input_processor_default.te similarity index 100% rename from legacy/legacy/whitechapel_pro/hal_input_processor_default.te rename to legacy/whitechapel_pro/hal_input_processor_default.te diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf new file mode 100644 index 0000000..76ea843 --- /dev/null +++ b/legacy/whitechapel_pro/keys.conf @@ -0,0 +1,5 @@ +[@UWB] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/whitechapel_pro/mac_permissions.xml b/legacy/whitechapel_pro/mac_permissions.xml similarity index 100% rename from legacy/legacy/whitechapel_pro/mac_permissions.xml rename to legacy/whitechapel_pro/mac_permissions.xml diff --git a/legacy/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te similarity index 100% rename from legacy/legacy/whitechapel_pro/property.te rename to legacy/whitechapel_pro/property.te diff --git a/legacy/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/property_contexts rename to legacy/whitechapel_pro/property_contexts diff --git a/legacy/legacy/whitechapel_pro/service.te b/legacy/whitechapel_pro/service.te similarity index 100% rename from legacy/legacy/whitechapel_pro/service.te rename to legacy/whitechapel_pro/service.te diff --git a/legacy/legacy/whitechapel_pro/service_contexts b/legacy/whitechapel_pro/service_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/service_contexts rename to legacy/whitechapel_pro/service_contexts diff --git a/legacy/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros similarity index 100% rename from legacy/legacy/whitechapel_pro/te_macros rename to legacy/whitechapel_pro/te_macros diff --git a/legacy/legacy/whitechapel_pro/vndservice.te b/legacy/whitechapel_pro/vndservice.te similarity index 100% rename from legacy/legacy/whitechapel_pro/vndservice.te rename to legacy/whitechapel_pro/vndservice.te diff --git a/legacy/legacy/whitechapel_pro/vndservice_contexts b/legacy/whitechapel_pro/vndservice_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/vndservice_contexts rename to legacy/whitechapel_pro/vndservice_contexts diff --git a/legacy/private/vendor_init.te b/private/vendor_init.te similarity index 100% rename from legacy/private/vendor_init.te rename to private/vendor_init.te diff --git a/legacy/radio/bipchmgr.te b/radio/bipchmgr.te similarity index 100% rename from legacy/radio/bipchmgr.te rename to radio/bipchmgr.te diff --git a/legacy/radio/cat_engine_service_app.te b/radio/cat_engine_service_app.te similarity index 100% rename from legacy/radio/cat_engine_service_app.te rename to radio/cat_engine_service_app.te diff --git a/legacy/radio/cbd.te b/radio/cbd.te similarity index 100% rename from legacy/radio/cbd.te rename to radio/cbd.te diff --git a/legacy/radio/cbrs_setup.te b/radio/cbrs_setup.te similarity index 100% rename from legacy/radio/cbrs_setup.te rename to radio/cbrs_setup.te diff --git a/legacy/radio/certs/com_google_mds.x509.pem b/radio/certs/com_google_mds.x509.pem similarity index 100% rename from legacy/radio/certs/com_google_mds.x509.pem rename to radio/certs/com_google_mds.x509.pem diff --git a/legacy/radio/device.te b/radio/device.te similarity index 100% rename from legacy/radio/device.te rename to radio/device.te diff --git a/legacy/radio/dmd.te b/radio/dmd.te similarity index 100% rename from legacy/radio/dmd.te rename to radio/dmd.te diff --git a/legacy/radio/file.te b/radio/file.te similarity index 100% rename from legacy/radio/file.te rename to radio/file.te diff --git a/legacy/radio/file_contexts b/radio/file_contexts similarity index 100% rename from legacy/radio/file_contexts rename to radio/file_contexts diff --git a/legacy/radio/fsck.te b/radio/fsck.te similarity index 100% rename from legacy/radio/fsck.te rename to radio/fsck.te diff --git a/legacy/radio/genfs_contexts b/radio/genfs_contexts similarity index 63% rename from legacy/radio/genfs_contexts rename to radio/genfs_contexts index 6f0199f..347e461 100644 --- a/legacy/radio/genfs_contexts +++ b/radio/genfs_contexts @@ -4,5 +4,8 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 +# GPS +genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 + # Modem -genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 diff --git a/legacy/radio/gpsd.te b/radio/gpsd.te similarity index 100% rename from legacy/radio/gpsd.te rename to radio/gpsd.te diff --git a/legacy/radio/grilservice_app.te b/radio/grilservice_app.te similarity index 92% rename from legacy/radio/grilservice_app.te rename to radio/grilservice_app.te index 16976c9..2525bab 100644 --- a/legacy/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -3,7 +3,6 @@ app_domain(grilservice_app) allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; diff --git a/legacy/radio/hal_radioext_default.te b/radio/hal_radioext_default.te similarity index 92% rename from legacy/radio/hal_radioext_default.te rename to radio/hal_radioext_default.te index 7bc0e96..6e17e19 100644 --- a/legacy/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -19,7 +19,6 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; # Twoshay binder_use(hal_radioext_default) diff --git a/legacy/radio/hwservice.te b/radio/hwservice.te similarity index 100% rename from legacy/radio/hwservice.te rename to radio/hwservice.te diff --git a/legacy/radio/hwservice_contexts b/radio/hwservice_contexts similarity index 100% rename from legacy/radio/hwservice_contexts rename to radio/hwservice_contexts diff --git a/legacy/radio/hwservicemanager.te b/radio/hwservicemanager.te similarity index 100% rename from legacy/radio/hwservicemanager.te rename to radio/hwservicemanager.te diff --git a/legacy/radio/init.te b/radio/init.te similarity index 100% rename from legacy/radio/init.te rename to radio/init.te diff --git a/legacy/radio/init_radio.te b/radio/init_radio.te similarity index 100% rename from legacy/radio/init_radio.te rename to radio/init_radio.te diff --git a/radio/keys.conf b/radio/keys.conf new file mode 100644 index 0000000..45db97d --- /dev/null +++ b/radio/keys.conf @@ -0,0 +1,3 @@ +[@MDS] +ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem + diff --git a/legacy/radio/logger_app.te b/radio/logger_app.te similarity index 91% rename from legacy/radio/logger_app.te rename to radio/logger_app.te index ab43385..098955d 100644 --- a/legacy/radio/logger_app.te +++ b/radio/logger_app.te @@ -5,9 +5,6 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:file create_file_perms; allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; - allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; - - binder_call(logger_app, rild) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/legacy/radio/mac_permissions.xml b/radio/mac_permissions.xml similarity index 100% rename from legacy/radio/mac_permissions.xml rename to radio/mac_permissions.xml diff --git a/legacy/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te similarity index 100% rename from legacy/radio/modem_diagnostic_app.te rename to radio/modem_diagnostic_app.te diff --git a/legacy/radio/modem_logging_control.te b/radio/modem_logging_control.te similarity index 100% rename from legacy/radio/modem_logging_control.te rename to radio/modem_logging_control.te diff --git a/legacy/radio/modem_ml_svc_sit.te b/radio/modem_ml_svc_sit.te similarity index 100% rename from legacy/radio/modem_ml_svc_sit.te rename to radio/modem_ml_svc_sit.te diff --git a/legacy/radio/modem_svc_sit.te b/radio/modem_svc_sit.te similarity index 100% rename from legacy/radio/modem_svc_sit.te rename to radio/modem_svc_sit.te diff --git a/legacy/radio/oemrilservice_app.te b/radio/oemrilservice_app.te similarity index 100% rename from legacy/radio/oemrilservice_app.te rename to radio/oemrilservice_app.te diff --git a/legacy/radio/private/radio.te b/radio/private/radio.te similarity index 100% rename from legacy/radio/private/radio.te rename to radio/private/radio.te diff --git a/legacy/radio/private/service_contexts b/radio/private/service_contexts similarity index 100% rename from legacy/radio/private/service_contexts rename to radio/private/service_contexts diff --git a/legacy/radio/property.te b/radio/property.te similarity index 100% rename from legacy/radio/property.te rename to radio/property.te diff --git a/legacy/radio/property_contexts b/radio/property_contexts similarity index 100% rename from legacy/radio/property_contexts rename to radio/property_contexts diff --git a/radio/radio.te b/radio/radio.te index 7a75779..221c812 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,2 +1,8 @@ set_prop(radio, telephony_ril_prop) +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; +allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; +allow radio aoc_device:chr_file rw_file_perms; +allow radio hal_audio_ext_hwservice:hwservice_manager find; +binder_call(radio, hal_audio_default) diff --git a/legacy/radio/rfsd.te b/radio/rfsd.te similarity index 100% rename from legacy/radio/rfsd.te rename to radio/rfsd.te diff --git a/legacy/radio/sced.te b/radio/sced.te similarity index 100% rename from legacy/radio/sced.te rename to radio/sced.te diff --git a/legacy/radio/seapp_contexts b/radio/seapp_contexts similarity index 100% rename from legacy/radio/seapp_contexts rename to radio/seapp_contexts diff --git a/legacy/radio/ssr_detector.te b/radio/ssr_detector.te similarity index 100% rename from legacy/radio/ssr_detector.te rename to radio/ssr_detector.te diff --git a/legacy/radio/vcd.te b/radio/vcd.te similarity index 100% rename from legacy/radio/vcd.te rename to radio/vcd.te diff --git a/legacy/radio/vendor_engineermode_app.te b/radio/vendor_engineermode_app.te similarity index 100% rename from legacy/radio/vendor_engineermode_app.te rename to radio/vendor_engineermode_app.te diff --git a/legacy/radio/vendor_ims_app.te b/radio/vendor_ims_app.te similarity index 100% rename from legacy/radio/vendor_ims_app.te rename to radio/vendor_ims_app.te diff --git a/legacy/radio/vendor_ims_remote_app.te b/radio/vendor_ims_remote_app.te similarity index 100% rename from legacy/radio/vendor_ims_remote_app.te rename to radio/vendor_ims_remote_app.te diff --git a/legacy/radio/vendor_init.te b/radio/vendor_init.te similarity index 100% rename from legacy/radio/vendor_init.te rename to radio/vendor_init.te diff --git a/legacy/radio/vendor_qualifiednetworks_app.te b/radio/vendor_qualifiednetworks_app.te similarity index 100% rename from legacy/radio/vendor_qualifiednetworks_app.te rename to radio/vendor_qualifiednetworks_app.te diff --git a/legacy/radio/vendor_rcs_app.te b/radio/vendor_rcs_app.te similarity index 100% rename from legacy/radio/vendor_rcs_app.te rename to radio/vendor_rcs_app.te diff --git a/legacy/radio/vendor_rcs_service_app.te b/radio/vendor_rcs_service_app.te similarity index 100% rename from legacy/radio/vendor_rcs_service_app.te rename to radio/vendor_rcs_service_app.te diff --git a/legacy/radio/vendor_silentlogging_remote_app.te b/radio/vendor_silentlogging_remote_app.te similarity index 100% rename from legacy/radio/vendor_silentlogging_remote_app.te rename to radio/vendor_silentlogging_remote_app.te diff --git a/legacy/radio/vendor_telephony_debug_app.te b/radio/vendor_telephony_debug_app.te similarity index 100% rename from legacy/radio/vendor_telephony_debug_app.te rename to radio/vendor_telephony_debug_app.te diff --git a/legacy/radio/vendor_telephony_silentlogging_app.te b/radio/vendor_telephony_silentlogging_app.te similarity index 100% rename from legacy/radio/vendor_telephony_silentlogging_app.te rename to radio/vendor_telephony_silentlogging_app.te diff --git a/legacy/radio/vendor_telephony_test_app.te b/radio/vendor_telephony_test_app.te similarity index 100% rename from legacy/radio/vendor_telephony_test_app.te rename to radio/vendor_telephony_test_app.te diff --git a/legacy/radio/vold.te b/radio/vold.te similarity index 100% rename from legacy/radio/vold.te rename to radio/vold.te diff --git a/legacy/system_ext/private/platform_app.te b/system_ext/private/platform_app.te similarity index 100% rename from legacy/system_ext/private/platform_app.te rename to system_ext/private/platform_app.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te new file mode 100644 index 0000000..3baf986 --- /dev/null +++ b/tracking_denials/con_monitor_app.te @@ -0,0 +1,36 @@ +# b/261518779 +dontaudit con_monitor_app activity_service:service_manager { find }; +dontaudit con_monitor_app content_capture_service:service_manager { find }; +dontaudit con_monitor_app game_service:service_manager { find }; +dontaudit con_monitor_app netstats_service:service_manager { find }; +dontaudit con_monitor_app system_server:binder { call }; +dontaudit con_monitor_app system_server:binder { transfer }; +dontaudit con_monitor_app system_server:fd { use }; +# b/261783158 +dontaudit con_monitor_app system_file:file { getattr }; +dontaudit con_monitor_app system_file:file { map }; +dontaudit con_monitor_app system_file:file { open }; +dontaudit con_monitor_app system_file:file { read }; +dontaudit con_monitor_app tmpfs:file { execute }; +dontaudit con_monitor_app tmpfs:file { map }; +dontaudit con_monitor_app tmpfs:file { read }; +dontaudit con_monitor_app tmpfs:file { write }; +# b/261933171 +dontaudit con_monitor_app dumpstate:fd { use }; +dontaudit con_monitor_app dumpstate:fifo_file { append }; +dontaudit con_monitor_app dumpstate:fifo_file { write }; +dontaudit con_monitor_app system_server:fifo_file { write }; +dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; +dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; +# b/262455571 +dontaudit con_monitor_app data_file_type:dir { search }; +dontaudit con_monitor_app servicemanager:binder { call }; +dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; +dontaudit con_monitor_app statsdw_socket:sock_file { write }; +dontaudit con_monitor_app system_file:file { execute }; +# b/264489520 +userdebug_or_eng(` + permissive con_monitor_app; +') +# b/267843291 +dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..3313642 --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155496 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te new file mode 100644 index 0000000..4428b68 --- /dev/null +++ b/tracking_denials/fastbootd.te @@ -0,0 +1,4 @@ +# b/264489957 +userdebug_or_eng(` + permissive fastbootd; +') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te new file mode 100644 index 0000000..601c2bb --- /dev/null +++ b/tracking_denials/hal_sensors_default.te @@ -0,0 +1,3 @@ +# b/267260619 +dontaudit hal_sensors_default dumpstate:fd { use }; +dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te new file mode 100644 index 0000000..08db477 --- /dev/null +++ b/tracking_denials/hal_usb_impl.te @@ -0,0 +1,2 @@ +# b/267261163 +dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te new file mode 100644 index 0000000..4bd4489 --- /dev/null +++ b/tracking_denials/incidentd.te @@ -0,0 +1,3 @@ +# b/261933310 +dontaudit incidentd debugfs_wakeup_sources:file { open }; +dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te new file mode 100644 index 0000000..23d091b --- /dev/null +++ b/tracking_denials/kernel.te @@ -0,0 +1,7 @@ +# b/262794429 +dontaudit kernel sepolicy_file:file { getattr }; +dontaudit kernel system_bootstrap_lib_file:dir { getattr }; +dontaudit kernel system_bootstrap_lib_file:file { getattr }; +dontaudit kernel system_dlkm_file:dir { getattr }; +# b/263185161 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/legacy/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te similarity index 100% rename from legacy/tracking_denials/rebalance_interrupts_vendor.te rename to tracking_denials/rebalance_interrupts_vendor.te diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te new file mode 100644 index 0000000..d1c8b73 --- /dev/null +++ b/tracking_denials/ssr_detector_app.te @@ -0,0 +1,6 @@ +# b/261651131 +dontaudit ssr_detector_app system_app_data_file:file { open }; +# b/264489567 +userdebug_or_eng(` + permissive ssr_detector_app; +') \ No newline at end of file diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te new file mode 100644 index 0000000..0de59ee --- /dev/null +++ b/tracking_denials/update_engine.te @@ -0,0 +1,2 @@ +# b/267261048 +dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te new file mode 100644 index 0000000..abfba26 --- /dev/null +++ b/tracking_denials/vendor_init.te @@ -0,0 +1,3 @@ +# b/260366195 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init vendor_init:capability2 { block_suspend }; diff --git a/legacy/vendor/audioserver.te b/vendor/audioserver.te similarity index 100% rename from legacy/vendor/audioserver.te rename to vendor/audioserver.te diff --git a/legacy/vendor/bootanim.te b/vendor/bootanim.te similarity index 100% rename from legacy/vendor/bootanim.te rename to vendor/bootanim.te diff --git a/legacy/vendor/cccdk_timesync_app.te b/vendor/cccdk_timesync_app.te similarity index 77% rename from legacy/vendor/cccdk_timesync_app.te rename to vendor/cccdk_timesync_app.te index 3948edc..f34c5f3 100644 --- a/legacy/vendor/cccdk_timesync_app.te +++ b/vendor/cccdk_timesync_app.te @@ -2,7 +2,6 @@ type vendor_cccdktimesync_app, domain; app_domain(vendor_cccdktimesync_app) allow vendor_cccdktimesync_app app_api_service:service_manager find; -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/legacy/vendor/charger_vendor.te b/vendor/charger_vendor.te similarity index 100% rename from legacy/vendor/charger_vendor.te rename to vendor/charger_vendor.te diff --git a/vendor/chre.te b/vendor/chre.te index ed15009..7c0ad8f 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -1,4 +1,20 @@ +type chre, domain; +type chre_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(chre) + +# Permit communication with AoC +allow chre aoc_device:chr_file rw_file_perms; + +# Allow CHRE to determine AoC's current clock +allow chre sysfs_aoc:dir search; +allow chre sysfs_aoc_boottime:file r_file_perms; + +# Allow CHRE to create thread to watch AOC's device +allow chre device:dir r_dir_perms; + # Allow CHRE to write to data to chre data directory allow chre chre_data_file:dir create_dir_perms; allow chre chre_data_file:file create_file_perms; +# Allow CHRE to use WakeLock +wakelock_use(chre) diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te new file mode 100644 index 0000000..814c5e8 --- /dev/null +++ b/vendor/con_monitor_app.te @@ -0,0 +1,3 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; +app_domain(con_monitor_app); diff --git a/legacy/vendor/debug_camera_app.te b/vendor/debug_camera_app.te similarity index 75% rename from legacy/vendor/debug_camera_app.te rename to vendor/debug_camera_app.te index 16fb321..44859fe 100644 --- a/legacy/vendor/debug_camera_app.te +++ b/vendor/debug_camera_app.te @@ -1,6 +1,4 @@ - userdebug_or_eng(` - # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; get_prop(debug_camera_app, vendor_gxp_prop) @@ -8,7 +6,4 @@ userdebug_or_eng(` # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - - # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. - allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; ') diff --git a/vendor/device.te b/vendor/device.te index ca6c3ca..044da91 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,3 +1,22 @@ +type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; +type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; +type mfg_data_block_device, dev_type; +type ufs_internal_block_device, dev_type; +type logbuffer_device, dev_type; +type fingerprint_device, dev_type; +type uci_device, dev_type; + # Dmabuf heaps +type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; +type faceauth_heap_device, dmabuf_heap_device_type, dev_type; +type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; +type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; +# SecureElement SPI device +type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; diff --git a/legacy/vendor/domain.te b/vendor/domain.te similarity index 100% rename from legacy/vendor/domain.te rename to vendor/domain.te diff --git a/legacy/vendor/dump_gsa.te b/vendor/dump_gsa.te similarity index 100% rename from legacy/vendor/dump_gsa.te rename to vendor/dump_gsa.te diff --git a/legacy/vendor/dump_power.te b/vendor/dump_power.te similarity index 100% rename from legacy/vendor/dump_power.te rename to vendor/dump_power.te diff --git a/legacy/vendor/dump_wlan.te b/vendor/dump_wlan.te similarity index 100% rename from legacy/vendor/dump_wlan.te rename to vendor/dump_wlan.te diff --git a/legacy/vendor/dumpstate.te b/vendor/dumpstate.te similarity index 100% rename from legacy/vendor/dumpstate.te rename to vendor/dumpstate.te diff --git a/legacy/vendor/e2fs.te b/vendor/e2fs.te similarity index 100% rename from legacy/vendor/e2fs.te rename to vendor/e2fs.te diff --git a/legacy/vendor/euiccpixel_app.te b/vendor/euiccpixel_app.te similarity index 100% rename from legacy/vendor/euiccpixel_app.te rename to vendor/euiccpixel_app.te diff --git a/vendor/file.te b/vendor/file.te index fbeb901..b97b93d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,5 +1,54 @@ -# Faceauth -type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; # Data +type sensor_reg_data_file, file_type, data_file_type; type chre_data_file, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; + +# Faceauth +type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 36e396a..f59fcdd 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,5 +1,32 @@ -# Vendor -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -7,18 +34,109 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 +# Vendor libraries + +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 + +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 + # Devices -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 @@ -26,14 +144,67 @@ /dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 /dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 diff --git a/legacy/vendor/fsck.te b/vendor/fsck.te similarity index 100% rename from legacy/vendor/fsck.te rename to vendor/fsck.te diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a4c9852..1457d67 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,53 +1,542 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + # debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 +# Extcon +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + # Battery -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 # Faceauth genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te new file mode 100644 index 0000000..fd19c05 --- /dev/null +++ b/vendor/google_camera_app.te @@ -0,0 +1,7 @@ +# Allows GCA to acccess the GXP device & properties. +allow google_camera_app gxp_device:chr_file rw_file_perms; +get_prop(google_camera_app, vendor_gxp_prop) + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/legacy/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te similarity index 100% rename from legacy/vendor/hal_bluetooth_btlinux.te rename to vendor/hal_bluetooth_btlinux.te diff --git a/legacy/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te similarity index 77% rename from legacy/vendor/hal_bootctl_default.te rename to vendor/hal_bootctl_default.te index 2ffeb27..2db4651 100644 --- a/legacy/vendor/hal_bootctl_default.te +++ b/vendor/hal_bootctl_default.te @@ -2,7 +2,3 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; allow hal_bootctl_default tee_device:chr_file rw_file_perms; - -recovery_only(` - allow hal_bootctl_default rootfs:dir r_dir_perms; -') diff --git a/legacy/vendor/hal_camera_default.te b/vendor/hal_camera_default.te similarity index 91% rename from legacy/vendor/hal_camera_default.te rename to vendor/hal_camera_default.te index e252b28..35cd7cf 100644 --- a/legacy/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -29,10 +29,6 @@ allow hal_camera_default persist_camera_file:file create_file_perms; allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; allow hal_camera_default vendor_camera_data_file:file create_file_perms; -# Allow the camera hal to access the GXP device. -allow hal_camera_default gxp_device:chr_file rw_file_perms; -get_prop(hal_camera_default, vendor_gxp_prop) - # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; @@ -81,9 +77,6 @@ allow hal_camera_default sysfs_leds:file r_file_perms; allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; binder_call(hal_camera_default, hal_radioext_default); -# Allows camera HAL to access the hw_jpeg /dev/video12. -allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; - # For camera hal to talk with rlsservice allow hal_camera_default rls_service:service_manager find; binder_call(hal_camera_default, rlsservice) @@ -101,6 +94,3 @@ dontaudit hal_camera_default system_data_file:dir { search }; # google3 prebuilts attempt to connect to the wrong trace socket, ignore them. dontaudit hal_camera_default traced:unix_stream_socket { connectto }; dontaudit hal_camera_default traced_producer_socket:sock_file { write }; - -# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes -wakelock_use(hal_camera_default) diff --git a/legacy/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te similarity index 100% rename from legacy/vendor/hal_contexthub_default.te rename to vendor/hal_contexthub_default.te diff --git a/legacy/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te similarity index 91% rename from legacy/vendor/hal_fingerprint_default.te rename to vendor/hal_fingerprint_default.te index b0a8116..6aa57dd 100644 --- a/legacy/vendor/hal_fingerprint_default.te +++ b/vendor/hal_fingerprint_default.te @@ -37,7 +37,3 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; - -# Allow fingerprint to access sysfs_aoc_udfps -allow hal_fingerprint_default sysfs_aoc:dir search; -allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms; diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index 08cd256..b624db1 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -1,2 +1,6 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; - diff --git a/legacy/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te similarity index 100% rename from legacy/vendor/hal_graphics_composer_default.te rename to vendor/hal_graphics_composer_default.te diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te index 033042b..c57ef34 100644 --- a/vendor/hal_health_default.te +++ b/vendor/hal_health_default.te @@ -1 +1,16 @@ +allow hal_health_default mnt_vendor_file:dir search; +allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; + +set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) + +allow hal_health_default fwk_stats_service:service_manager find; + +# Access to /sys/devices/platform/13200000.ufs/* +allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; +allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; + +allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file rw_file_perms; diff --git a/legacy/vendor/hal_memtrack_default.te b/vendor/hal_memtrack_default.te similarity index 100% rename from legacy/vendor/hal_memtrack_default.te rename to vendor/hal_memtrack_default.te diff --git a/legacy/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te similarity index 100% rename from legacy/vendor/hal_nfc_default.te rename to vendor/hal_nfc_default.te diff --git a/legacy/vendor/hal_power_default.te b/vendor/hal_power_default.te similarity index 66% rename from legacy/vendor/hal_power_default.te rename to vendor/hal_power_default.te index 1f0cd3a..bb86aad 100644 --- a/legacy/vendor/hal_power_default.te +++ b/vendor/hal_power_default.te @@ -4,6 +4,4 @@ allow hal_power_default sysfs_camera:file rw_file_perms; allow hal_power_default sysfs_em_profile:file rw_file_perms; allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_trusty:file rw_file_perms; -allow hal_power_default sysfs_ospm:file rw_file_perms; -allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop); +set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file diff --git a/legacy/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te similarity index 94% rename from legacy/vendor/hal_power_stats_default.te rename to vendor/hal_power_stats_default.te index 012debc..2845a0a 100644 --- a/legacy/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -3,7 +3,6 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) -r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm) diff --git a/legacy/vendor/hal_radioext_default.te b/vendor/hal_radioext_default.te similarity index 100% rename from legacy/vendor/hal_radioext_default.te rename to vendor/hal_radioext_default.te diff --git a/legacy/vendor/hal_secure_element_st54spi_aidl.te b/vendor/hal_secure_element_st54spi_aidl.te similarity index 100% rename from legacy/vendor/hal_secure_element_st54spi_aidl.te rename to vendor/hal_secure_element_st54spi_aidl.te diff --git a/legacy/vendor/hal_secure_element_uicc.te b/vendor/hal_secure_element_uicc.te similarity index 100% rename from legacy/vendor/hal_secure_element_uicc.te rename to vendor/hal_secure_element_uicc.te diff --git a/legacy/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te similarity index 91% rename from legacy/vendor/hal_sensors_default.te rename to vendor/hal_sensors_default.te index fe24c8a..b9f6a72 100644 --- a/legacy/vendor/hal_sensors_default.te +++ b/vendor/hal_sensors_default.te @@ -17,9 +17,6 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow sensor HAL to access the display service HAL allow hal_sensors_default hal_pixel_display_service:service_manager find; -# Allow sensor HAL to access the thermal service HAL -hal_client_domain(hal_sensors_default, hal_thermal); - # Allow reading of sensor registry persist files and camera persist files. allow hal_sensors_default mnt_vendor_file:dir search; allow hal_sensors_default persist_file:dir search; @@ -49,9 +46,6 @@ binder_call(hal_sensors_default, system_server); # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) -# Allow access to raw HID devices for dynamic sensors. -allow hal_sensors_default hidraw_device:chr_file rw_file_perms; - # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; diff --git a/legacy/vendor/hal_thermal_default.te b/vendor/hal_thermal_default.te similarity index 100% rename from legacy/vendor/hal_thermal_default.te rename to vendor/hal_thermal_default.te diff --git a/legacy/vendor/hal_usb_gadget_impl.te b/vendor/hal_usb_gadget_impl.te similarity index 100% rename from legacy/vendor/hal_usb_gadget_impl.te rename to vendor/hal_usb_gadget_impl.te diff --git a/legacy/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te similarity index 93% rename from legacy/vendor/hal_usb_impl.te rename to vendor/hal_usb_impl.te index 27d7bdd..15d74c5 100644 --- a/legacy/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -7,7 +7,6 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; -allow hal_usb_impl dumpstate:fd use; # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; diff --git a/legacy/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te similarity index 54% rename from legacy/vendor/hal_uwb_vendor_default.te rename to vendor/hal_uwb_vendor_default.te index ac5d7e7..06a67d0 100644 --- a/legacy/vendor/hal_uwb_vendor_default.te +++ b/vendor/hal_uwb_vendor_default.te @@ -3,7 +3,3 @@ type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default) -allow hal_uwb_default selinuxfs:file r_file_perms; - -allow hal_uwb_default uwb_data_vendor:dir create_dir_perms; -allow hal_uwb_default uwb_data_vendor:file create_file_perms; diff --git a/legacy/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te similarity index 100% rename from legacy/vendor/hal_wifi_ext.te rename to vendor/hal_wifi_ext.te diff --git a/legacy/vendor/hal_wireless_charger.te b/vendor/hal_wireless_charger.te similarity index 100% rename from legacy/vendor/hal_wireless_charger.te rename to vendor/hal_wireless_charger.te diff --git a/legacy/vendor/hwservice.te b/vendor/hwservice.te similarity index 100% rename from legacy/vendor/hwservice.te rename to vendor/hwservice.te diff --git a/legacy/vendor/hwservice_contexts b/vendor/hwservice_contexts similarity index 100% rename from legacy/vendor/hwservice_contexts rename to vendor/hwservice_contexts diff --git a/legacy/vendor/init.te b/vendor/init.te similarity index 100% rename from legacy/vendor/init.te rename to vendor/init.te diff --git a/legacy/vendor/insmod-sh.te b/vendor/insmod-sh.te similarity index 100% rename from legacy/vendor/insmod-sh.te rename to vendor/insmod-sh.te diff --git a/legacy/vendor/installd.te b/vendor/installd.te similarity index 100% rename from legacy/vendor/installd.te rename to vendor/installd.te diff --git a/vendor/kernel.te b/vendor/kernel.te new file mode 100644 index 0000000..0f2e18e --- /dev/null +++ b/vendor/kernel.te @@ -0,0 +1,15 @@ +allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +allow kernel vendor_regmap_debugfs:dir search; diff --git a/legacy/vendor/logd.te b/vendor/logd.te similarity index 100% rename from legacy/vendor/logd.te rename to vendor/logd.te diff --git a/legacy/vendor/mac_permissions.xml b/vendor/mac_permissions.xml similarity index 100% rename from legacy/vendor/mac_permissions.xml rename to vendor/mac_permissions.xml diff --git a/legacy/vendor/mediacodec_google.te b/vendor/mediacodec_google.te similarity index 95% rename from legacy/vendor/mediacodec_google.te rename to vendor/mediacodec_google.te index 3056cf9..1c6413a 100644 --- a/legacy/vendor/mediacodec_google.te +++ b/vendor/mediacodec_google.te @@ -16,7 +16,6 @@ allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file rw_file_perms; allow mediacodec_google gpu_device:chr_file rw_file_perms; -allow mediacodec_google self:global_capability_class_set sys_nice; crash_dump_fallback(mediacodec_google) diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te new file mode 100644 index 0000000..e9c8d78 --- /dev/null +++ b/vendor/pixeldisplayservice_app.te @@ -0,0 +1,2 @@ +allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; +binder_call(pixeldisplayservice_app, hal_graphics_composer_default) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 14824fc..192616b 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,5 +1,28 @@ +# Batery history +allow pixelstats_vendor battery_history_device:chr_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); + #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; + +# PCIe Link Statistics +allow pixelstats_vendor sysfs_pcie:dir search; +allow pixelstats_vendor sysfs_pcie:file rw_file_perms; + +allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; diff --git a/legacy/vendor/platform_app.te b/vendor/platform_app.te similarity index 100% rename from legacy/vendor/platform_app.te rename to vendor/platform_app.te diff --git a/legacy/vendor/property.te b/vendor/property.te similarity index 75% rename from legacy/vendor/property.te rename to vendor/property.te index 814beb2..8ef51a8 100644 --- a/legacy/vendor/property.te +++ b/vendor/property.te @@ -13,9 +13,3 @@ vendor_internal_prop(vendor_dynamic_sensor_prop) # Mali Integration vendor_restricted_prop(vendor_arm_runtime_option_prop) - -# ArmNN -vendor_internal_prop(vendor_armnn_config_prop) - -# Gxp properties -system_vendor_config_prop(vendor_gxp_prop) diff --git a/legacy/vendor/property_contexts b/vendor/property_contexts similarity index 78% rename from legacy/vendor/property_contexts rename to vendor/property_contexts index c77827d..8e43946 100644 --- a/legacy/vendor/property_contexts +++ b/vendor/property_contexts @@ -4,7 +4,6 @@ vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # Fingerprint -persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 @@ -21,9 +20,3 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix - -# ArmNN configuration -ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix - -# Gxp -vendor.gxp. u:object_r:vendor_gxp_prop:s0 diff --git a/legacy/vendor/ramdump_app.te b/vendor/ramdump_app.te similarity index 100% rename from legacy/vendor/ramdump_app.te rename to vendor/ramdump_app.te diff --git a/legacy/vendor/recovery.te b/vendor/recovery.te similarity index 100% rename from legacy/vendor/recovery.te rename to vendor/recovery.te diff --git a/legacy/vendor/rlsservice.te b/vendor/rlsservice.te similarity index 100% rename from legacy/vendor/rlsservice.te rename to vendor/rlsservice.te diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts new file mode 100644 index 0000000..ed23ae5 --- /dev/null +++ b/vendor/seapp_contexts @@ -0,0 +1,15 @@ +# Domain for EuiccSupportPixel +user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all + +# coredump/ramdump +user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# Qorvo UWB system app +# TODO(b/222204912): Should this run under uwb user? +user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all + +# CccDkTimeSyncService +user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all diff --git a/legacy/vendor/service.te b/vendor/service.te similarity index 100% rename from legacy/vendor/service.te rename to vendor/service.te diff --git a/legacy/vendor/service_contexts b/vendor/service_contexts similarity index 100% rename from legacy/vendor/service_contexts rename to vendor/service_contexts diff --git a/legacy/vendor/shell.te b/vendor/shell.te similarity index 100% rename from legacy/vendor/shell.te rename to vendor/shell.te diff --git a/legacy/vendor/surfaceflinger.te b/vendor/surfaceflinger.te similarity index 100% rename from legacy/vendor/surfaceflinger.te rename to vendor/surfaceflinger.te diff --git a/legacy/vendor/system_app.te b/vendor/system_app.te similarity index 100% rename from legacy/vendor/system_app.te rename to vendor/system_app.te diff --git a/legacy/vendor/system_server.te b/vendor/system_server.te similarity index 82% rename from legacy/vendor/system_server.te rename to vendor/system_server.te index de29de3..853e3cf 100644 --- a/legacy/vendor/system_server.te +++ b/vendor/system_server.te @@ -1,6 +1,5 @@ # Allow system server to send sensor data callbacks to GPS binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); -binder_call(system_server, con_monitor_app); allow system_server arm_mali_platform_service:service_manager find; diff --git a/legacy/vendor/systemui_app.te b/vendor/systemui_app.te similarity index 100% rename from legacy/vendor/systemui_app.te rename to vendor/systemui_app.te diff --git a/legacy/vendor/tcpdump_logger.te b/vendor/tcpdump_logger.te similarity index 100% rename from legacy/vendor/tcpdump_logger.te rename to vendor/tcpdump_logger.te diff --git a/legacy/vendor/tee.te b/vendor/tee.te similarity index 100% rename from legacy/vendor/tee.te rename to vendor/tee.te diff --git a/legacy/vendor/toolbox.te b/vendor/toolbox.te similarity index 100% rename from legacy/vendor/toolbox.te rename to vendor/toolbox.te diff --git a/legacy/vendor/trusty_apploader.te b/vendor/trusty_apploader.te similarity index 100% rename from legacy/vendor/trusty_apploader.te rename to vendor/trusty_apploader.te diff --git a/legacy/vendor/trusty_metricsd.te b/vendor/trusty_metricsd.te similarity index 100% rename from legacy/vendor/trusty_metricsd.te rename to vendor/trusty_metricsd.te diff --git a/legacy/vendor/twoshay.te b/vendor/twoshay.te similarity index 100% rename from legacy/vendor/twoshay.te rename to vendor/twoshay.te diff --git a/legacy/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te similarity index 100% rename from legacy/vendor/ufs_firmware_update.te rename to vendor/ufs_firmware_update.te diff --git a/legacy/vendor/update_engine.te b/vendor/update_engine.te similarity index 74% rename from legacy/vendor/update_engine.te rename to vendor/update_engine.te index a403d9e..fb59e4b 100644 --- a/legacy/vendor/update_engine.te +++ b/vendor/update_engine.te @@ -1,3 +1,4 @@ allow update_engine custom_ab_block_device:blk_file rw_file_perms; +allow update_engine dtbo_block_device:blk_file rw_file_perms; allow update_engine modem_block_device:blk_file rw_file_perms; allow update_engine proc_bootconfig:file r_file_perms; diff --git a/legacy/vendor/uwb_vendor_app.te b/vendor/uwb_vendor_app.te similarity index 100% rename from legacy/vendor/uwb_vendor_app.te rename to vendor/uwb_vendor_app.te diff --git a/legacy/vendor/vendor_init.te b/vendor/vendor_init.te similarity index 84% rename from legacy/vendor/vendor_init.te rename to vendor/vendor_init.te index 3abf696..2071850 100644 --- a/legacy/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -11,9 +11,6 @@ allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; -# Allow for checking NSP permissions -allow vendor_init tee_data_file:lnk_file read; - userdebug_or_eng(` allow vendor_init vendor_init:lockdown { integrity }; ') @@ -29,16 +26,9 @@ set_prop(vendor_init, vendor_secure_element_prop) # USB property set_prop(vendor_init, vendor_usb_config_prop) -set_prop(vendor_init, vendor_ssrdump_prop) - # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) - -# ArmNN -set_prop(vendor_init, vendor_armnn_config_prop) +set_prop(vendor_init, vendor_ssrdump_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; - -# Gxp -set_prop(vendor_init, vendor_gxp_prop) diff --git a/legacy/vendor/vendor_uwb_init.te b/vendor/vendor_uwb_init.te similarity index 53% rename from legacy/vendor/vendor_uwb_init.te rename to vendor/vendor_uwb_init.te index 9008238..5216019 100644 --- a/legacy/vendor/vendor_uwb_init.te +++ b/vendor/vendor_uwb_init.te @@ -2,6 +2,3 @@ type vendor_uwb_init, domain; type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_uwb_init) - -allow vendor_uwb_init uwb_data_vendor:file create_file_perms; -allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms; diff --git a/legacy/vendor/vndservice.te b/vendor/vndservice.te similarity index 100% rename from legacy/vendor/vndservice.te rename to vendor/vndservice.te diff --git a/legacy/vendor/vndservice_contexts b/vendor/vndservice_contexts similarity index 100% rename from legacy/vendor/vndservice_contexts rename to vendor/vndservice_contexts diff --git a/legacy/vendor/wifi_sniffer.te b/vendor/wifi_sniffer.te similarity index 100% rename from legacy/vendor/wifi_sniffer.te rename to vendor/wifi_sniffer.te diff --git a/legacy/widevine/file.te b/widevine/file.te similarity index 100% rename from legacy/widevine/file.te rename to widevine/file.te diff --git a/legacy/widevine/file_contexts b/widevine/file_contexts similarity index 100% rename from legacy/widevine/file_contexts rename to widevine/file_contexts diff --git a/legacy/widevine/hal_drm_clearkey.te b/widevine/hal_drm_clearkey.te similarity index 100% rename from legacy/widevine/hal_drm_clearkey.te rename to widevine/hal_drm_clearkey.te diff --git a/legacy/widevine/hal_drm_widevine.te b/widevine/hal_drm_widevine.te similarity index 100% rename from legacy/widevine/hal_drm_widevine.te rename to widevine/hal_drm_widevine.te diff --git a/legacy/widevine/service_contexts b/widevine/service_contexts similarity index 100% rename from legacy/widevine/service_contexts rename to widevine/service_contexts diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index 66c4d34..f202935 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -17,15 +17,8 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/pr BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats # To be reviewed and removed. -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/whitechapel_pro -PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/private -SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/public -SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/private -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/vendor -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio -PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio/private -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/tracking_denials -PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/public +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private + From 880983646ab81e5ac75f15e92ad567a03e2113f7 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 24 Aug 2023 08:45:15 +0800 Subject: [PATCH 044/321] Revert "Remove camera duplicate config" This reverts commit a9972cfbde98a63604014e331c442606b4012690. Bug:297270938 Merged-In: I3b15b35df4bc40716d0aa757a226c5075c7e29ff Change-Id: Id9418e2690ca002079d896fd7717bfbb3c607733 --- legacy/vendor/debug_camera_app.te | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te index 16fb321..37a19ec 100644 --- a/legacy/vendor/debug_camera_app.te +++ b/legacy/vendor/debug_camera_app.te @@ -1,5 +1,14 @@ userdebug_or_eng(` + app_domain(debug_camera_app) + net_domain(debug_camera_app) + + allow debug_camera_app app_api_service:service_manager find; + allow debug_camera_app audioserver_service:service_manager find; + allow debug_camera_app cameraserver_service:service_manager find; + allow debug_camera_app mediaextractor_service:service_manager find; + allow debug_camera_app mediametrics_service:service_manager find; + allow debug_camera_app mediaserver_service:service_manager find; # Allows GCA-Eng & GCA-Next access the GXP device and properties. allow debug_camera_app gxp_device:chr_file rw_file_perms; @@ -9,6 +18,9 @@ userdebug_or_eng(` allow debug_camera_app edgetpu_app_service:service_manager find; allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + # Allows GCA_Eng & GCA-Next to access the PowerHAL. + hal_client_domain(debug_camera_app, hal_power) + # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; ') From c7a757a4ee0a6d8cc97a9ade4bb20003110a330a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 24 Aug 2023 08:45:34 +0800 Subject: [PATCH 045/321] Revert "Sync zuma-sepolicy to legacy folder" This reverts commit 355f0df8fd219b03636b40859fc0f6b08358eb94. Bug: 297270938 Merged-In: I3b15b35df4bc40716d0aa757a226c5075c7e29ff Change-Id: I44cbb1a0ea6248fbc5a4dc3c12e96d2b66a32282 --- legacy/OWNERS | 3 - .../system_ext/private/property_contexts | 2 - legacy/legacy/system_ext/public/property.te | 2 - legacy/legacy/whitechapel_pro/keys.conf | 5 - legacy/{legacy => }/private/property_contexts | 0 legacy/radio/keys.conf | 3 - legacy/radio/radio.te | 8 - legacy/radio/rild.te | 42 -- legacy/system_ext/private/property_contexts | 2 + legacy/system_ext/private/seapp_contexts | 0 legacy/system_ext/private/systemui_app.te | 20 - legacy/system_ext/public/property.te | 6 +- legacy/system_ext/public/systemui_app.te | 0 legacy/tracking_denials/README.txt | 2 - legacy/tracking_denials/bug_map | 10 - legacy/tracking_denials/kernel.te | 2 - legacy/vendor/certs/app.x509.pem | 27 - legacy/vendor/certs/camera_eng.x509.pem | 17 - legacy/vendor/certs/camera_fishfood.x509.pem | 15 - ...ogle_android_apps_camera_services.x509.pem | 30 - legacy/vendor/chre.te | 16 - legacy/vendor/con_monitor_app.te | 12 - legacy/vendor/debug_camera_app.te | 26 - legacy/vendor/device.te | 29 - .../disable-contaminant-detection-sh.te | 7 - legacy/vendor/dump_cma.te | 7 - legacy/vendor/fastbootd.te | 6 - legacy/vendor/file.te | 57 -- legacy/vendor/file_contexts | 181 ------ legacy/vendor/genfs_contexts | 501 ---------------- legacy/vendor/google_camera_app.te | 23 - legacy/vendor/gxp_logging.te | 22 - .../vendor/hal_graphics_allocator_default.te | 6 - legacy/vendor/hal_health_default.te | 16 - legacy/vendor/kernel.te | 24 - legacy/vendor/pixeldisplayservice_app.te | 11 - legacy/vendor/pixelstats_vendor.te | 35 -- legacy/vendor/seapp_contexts | 31 - .../{legacy => }/whitechapel_pro/attributes | 0 .../certs/EuiccSupportPixel.x509.pem | 0 .../certs/com_qorvo_uwb.x509.pem | 0 legacy/{legacy => }/whitechapel_pro/device.te | 3 + legacy/{legacy => }/whitechapel_pro/file.te | 3 + .../whitechapel_pro/file_contexts | 5 + .../whitechapel_pro/genfs_contexts | 0 .../hal_input_processor_default.te | 0 legacy/whitechapel_pro/keys.conf | 5 + .../whitechapel_pro/mac_permissions.xml | 0 .../{legacy => }/whitechapel_pro/property.te | 0 .../whitechapel_pro/property_contexts | 0 .../{legacy => }/whitechapel_pro/service.te | 0 .../whitechapel_pro/service_contexts | 0 legacy/{legacy => }/whitechapel_pro/te_macros | 0 .../whitechapel_pro/vndservice.te | 0 .../whitechapel_pro/vndservice_contexts | 0 {legacy/private => private}/vendor_init.te | 0 {legacy/radio => radio}/bipchmgr.te | 0 .../radio => radio}/cat_engine_service_app.te | 0 {legacy/radio => radio}/cbd.te | 0 {legacy/radio => radio}/cbrs_setup.te | 0 .../certs/com_google_mds.x509.pem | 0 {legacy/radio => radio}/device.te | 0 {legacy/radio => radio}/dmd.te | 0 {legacy/radio => radio}/file.te | 0 {legacy/radio => radio}/file_contexts | 0 {legacy/radio => radio}/fsck.te | 0 {legacy/radio => radio}/genfs_contexts | 5 +- {legacy/radio => radio}/gpsd.te | 0 {legacy/radio => radio}/grilservice_app.te | 1 - .../radio => radio}/hal_radioext_default.te | 1 - {legacy/radio => radio}/hwservice.te | 0 {legacy/radio => radio}/hwservice_contexts | 0 {legacy/radio => radio}/hwservicemanager.te | 0 {legacy/radio => radio}/init.te | 0 {legacy/radio => radio}/init_radio.te | 0 radio/keys.conf | 3 + {legacy/radio => radio}/logger_app.te | 3 - {legacy/radio => radio}/mac_permissions.xml | 0 .../radio => radio}/modem_diagnostic_app.te | 0 .../radio => radio}/modem_logging_control.te | 0 {legacy/radio => radio}/modem_ml_svc_sit.te | 0 {legacy/radio => radio}/modem_svc_sit.te | 0 {legacy/radio => radio}/oemrilservice_app.te | 0 {legacy/radio => radio}/private/radio.te | 0 .../radio => radio}/private/service_contexts | 0 {legacy/radio => radio}/property.te | 0 {legacy/radio => radio}/property_contexts | 0 radio/radio.te | 6 + {legacy/radio => radio}/rfsd.te | 0 {legacy/radio => radio}/sced.te | 0 {legacy/radio => radio}/seapp_contexts | 0 {legacy/radio => radio}/ssr_detector.te | 0 {legacy/radio => radio}/vcd.te | 0 .../vendor_engineermode_app.te | 0 {legacy/radio => radio}/vendor_ims_app.te | 0 .../radio => radio}/vendor_ims_remote_app.te | 0 {legacy/radio => radio}/vendor_init.te | 0 .../vendor_qualifiednetworks_app.te | 0 {legacy/radio => radio}/vendor_rcs_app.te | 0 .../radio => radio}/vendor_rcs_service_app.te | 0 .../vendor_silentlogging_remote_app.te | 0 .../vendor_telephony_debug_app.te | 0 .../vendor_telephony_silentlogging_app.te | 0 .../vendor_telephony_test_app.te | 0 {legacy/radio => radio}/vold.te | 0 .../private/platform_app.te | 0 tracking_denials/con_monitor_app.te | 36 ++ tracking_denials/dumpstate.te | 2 + tracking_denials/fastbootd.te | 4 + tracking_denials/hal_sensors_default.te | 3 + tracking_denials/hal_usb_impl.te | 2 + tracking_denials/incidentd.te | 3 + tracking_denials/kernel.te | 7 + .../rebalance_interrupts_vendor.te | 0 tracking_denials/ssr_detector_app.te | 6 + tracking_denials/update_engine.te | 2 + tracking_denials/vendor_init.te | 3 + {legacy/vendor => vendor}/audioserver.te | 0 {legacy/vendor => vendor}/bootanim.te | 0 .../vendor => vendor}/cccdk_timesync_app.te | 3 +- {legacy/vendor => vendor}/charger_vendor.te | 0 vendor/chre.te | 16 + vendor/con_monitor_app.te | 3 + vendor/debug_camera_app.te | 8 + vendor/device.te | 20 + {legacy/vendor => vendor}/domain.te | 0 {legacy/vendor => vendor}/dump_gsa.te | 0 {legacy/vendor => vendor}/dump_power.te | 0 {legacy/vendor => vendor}/dump_wlan.te | 0 {legacy/vendor => vendor}/dumpstate.te | 0 {legacy/vendor => vendor}/e2fs.te | 0 {legacy/vendor => vendor}/euiccpixel_app.te | 0 vendor/file.te | 53 +- vendor/file_contexts | 181 +++++- {legacy/vendor => vendor}/fsck.te | 0 vendor/genfs_contexts | 552 ++++++++++++++++-- vendor/google_camera_app.te | 7 + vendor/gxp_logging.te | 10 + .../hal_bluetooth_btlinux.te | 0 .../vendor => vendor}/hal_bootctl_default.te | 4 - .../vendor => vendor}/hal_camera_default.te | 7 - .../hal_contexthub_default.te | 0 .../hal_fingerprint_default.te | 4 - vendor/hal_graphics_allocator_default.te | 6 +- .../hal_graphics_composer_default.te | 0 vendor/hal_health_default.te | 15 + .../vendor => vendor}/hal_memtrack_default.te | 0 {legacy/vendor => vendor}/hal_nfc_default.te | 0 .../vendor => vendor}/hal_power_default.te | 4 +- .../hal_power_stats_default.te | 1 - .../vendor => vendor}/hal_radioext_default.te | 0 .../hal_secure_element_st54spi_aidl.te | 0 .../hal_secure_element_uicc.te | 0 .../vendor => vendor}/hal_sensors_default.te | 6 - .../vendor => vendor}/hal_thermal_default.te | 0 .../vendor => vendor}/hal_usb_gadget_impl.te | 0 {legacy/vendor => vendor}/hal_usb_impl.te | 1 - .../hal_uwb_vendor_default.te | 4 - {legacy/vendor => vendor}/hal_wifi_ext.te | 0 .../vendor => vendor}/hal_wireless_charger.te | 0 {legacy/vendor => vendor}/hwservice.te | 0 {legacy/vendor => vendor}/hwservice_contexts | 0 {legacy/vendor => vendor}/init.te | 0 {legacy/vendor => vendor}/insmod-sh.te | 0 {legacy/vendor => vendor}/installd.te | 0 vendor/kernel.te | 15 + {legacy/vendor => vendor}/logd.te | 0 {legacy/vendor => vendor}/mac_permissions.xml | 0 .../vendor => vendor}/mediacodec_google.te | 1 - vendor/pixeldisplayservice_app.te | 2 + vendor/pixelstats_vendor.te | 23 + {legacy/vendor => vendor}/platform_app.te | 0 {legacy/vendor => vendor}/property.te | 3 - {legacy/vendor => vendor}/property_contexts | 4 - {legacy/vendor => vendor}/ramdump_app.te | 0 {legacy/vendor => vendor}/recovery.te | 0 {legacy/vendor => vendor}/rlsservice.te | 0 vendor/seapp_contexts | 15 + {legacy/vendor => vendor}/service.te | 0 {legacy/vendor => vendor}/service_contexts | 0 {legacy/vendor => vendor}/shell.te | 0 {legacy/vendor => vendor}/surfaceflinger.te | 0 {legacy/vendor => vendor}/system_app.te | 0 {legacy/vendor => vendor}/system_server.te | 1 - {legacy/vendor => vendor}/systemui_app.te | 0 {legacy/vendor => vendor}/tcpdump_logger.te | 0 {legacy/vendor => vendor}/tee.te | 0 {legacy/vendor => vendor}/toolbox.te | 0 {legacy/vendor => vendor}/trusty_apploader.te | 0 {legacy/vendor => vendor}/trusty_metricsd.te | 0 {legacy/vendor => vendor}/twoshay.te | 0 .../vendor => vendor}/ufs_firmware_update.te | 0 {legacy/vendor => vendor}/update_engine.te | 0 {legacy/vendor => vendor}/uwb_vendor_app.te | 0 {legacy/vendor => vendor}/vendor_init.te | 9 +- {legacy/vendor => vendor}/vendor_uwb_init.te | 3 - {legacy/vendor => vendor}/vndservice.te | 0 {legacy/vendor => vendor}/vndservice_contexts | 0 {legacy/vendor => vendor}/wifi_sniffer.te | 0 {legacy/widevine => widevine}/file.te | 0 {legacy/widevine => widevine}/file_contexts | 0 .../widevine => widevine}/hal_drm_clearkey.te | 0 .../widevine => widevine}/hal_drm_widevine.te | 0 .../widevine => widevine}/service_contexts | 0 zumapro-sepolicy.mk | 11 +- 205 files changed, 992 insertions(+), 1309 deletions(-) delete mode 100644 legacy/OWNERS delete mode 100644 legacy/legacy/system_ext/private/property_contexts delete mode 100644 legacy/legacy/system_ext/public/property.te delete mode 100644 legacy/legacy/whitechapel_pro/keys.conf rename legacy/{legacy => }/private/property_contexts (100%) delete mode 100644 legacy/radio/keys.conf delete mode 100644 legacy/radio/radio.te delete mode 100644 legacy/radio/rild.te delete mode 100644 legacy/system_ext/private/seapp_contexts delete mode 100644 legacy/system_ext/private/systemui_app.te delete mode 100644 legacy/system_ext/public/systemui_app.te delete mode 100644 legacy/tracking_denials/README.txt delete mode 100644 legacy/tracking_denials/bug_map delete mode 100644 legacy/tracking_denials/kernel.te delete mode 100644 legacy/vendor/certs/app.x509.pem delete mode 100644 legacy/vendor/certs/camera_eng.x509.pem delete mode 100644 legacy/vendor/certs/camera_fishfood.x509.pem delete mode 100644 legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem delete mode 100644 legacy/vendor/chre.te delete mode 100644 legacy/vendor/con_monitor_app.te delete mode 100644 legacy/vendor/debug_camera_app.te delete mode 100644 legacy/vendor/device.te delete mode 100644 legacy/vendor/disable-contaminant-detection-sh.te delete mode 100644 legacy/vendor/dump_cma.te delete mode 100644 legacy/vendor/fastbootd.te delete mode 100644 legacy/vendor/file.te delete mode 100644 legacy/vendor/file_contexts delete mode 100644 legacy/vendor/genfs_contexts delete mode 100644 legacy/vendor/google_camera_app.te delete mode 100644 legacy/vendor/gxp_logging.te delete mode 100644 legacy/vendor/hal_graphics_allocator_default.te delete mode 100644 legacy/vendor/hal_health_default.te delete mode 100644 legacy/vendor/kernel.te delete mode 100644 legacy/vendor/pixeldisplayservice_app.te delete mode 100644 legacy/vendor/pixelstats_vendor.te delete mode 100644 legacy/vendor/seapp_contexts rename legacy/{legacy => }/whitechapel_pro/attributes (100%) rename legacy/{legacy => }/whitechapel_pro/certs/EuiccSupportPixel.x509.pem (100%) rename legacy/{legacy => }/whitechapel_pro/certs/com_qorvo_uwb.x509.pem (100%) rename legacy/{legacy => }/whitechapel_pro/device.te (70%) rename legacy/{legacy => }/whitechapel_pro/file.te (82%) rename legacy/{legacy => }/whitechapel_pro/file_contexts (93%) rename legacy/{legacy => }/whitechapel_pro/genfs_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/hal_input_processor_default.te (100%) create mode 100644 legacy/whitechapel_pro/keys.conf rename legacy/{legacy => }/whitechapel_pro/mac_permissions.xml (100%) rename legacy/{legacy => }/whitechapel_pro/property.te (100%) rename legacy/{legacy => }/whitechapel_pro/property_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/service.te (100%) rename legacy/{legacy => }/whitechapel_pro/service_contexts (100%) rename legacy/{legacy => }/whitechapel_pro/te_macros (100%) rename legacy/{legacy => }/whitechapel_pro/vndservice.te (100%) rename legacy/{legacy => }/whitechapel_pro/vndservice_contexts (100%) rename {legacy/private => private}/vendor_init.te (100%) rename {legacy/radio => radio}/bipchmgr.te (100%) rename {legacy/radio => radio}/cat_engine_service_app.te (100%) rename {legacy/radio => radio}/cbd.te (100%) rename {legacy/radio => radio}/cbrs_setup.te (100%) rename {legacy/radio => radio}/certs/com_google_mds.x509.pem (100%) rename {legacy/radio => radio}/device.te (100%) rename {legacy/radio => radio}/dmd.te (100%) rename {legacy/radio => radio}/file.te (100%) rename {legacy/radio => radio}/file_contexts (100%) rename {legacy/radio => radio}/fsck.te (100%) rename {legacy/radio => radio}/genfs_contexts (63%) rename {legacy/radio => radio}/gpsd.te (100%) rename {legacy/radio => radio}/grilservice_app.te (92%) rename {legacy/radio => radio}/hal_radioext_default.te (92%) rename {legacy/radio => radio}/hwservice.te (100%) rename {legacy/radio => radio}/hwservice_contexts (100%) rename {legacy/radio => radio}/hwservicemanager.te (100%) rename {legacy/radio => radio}/init.te (100%) rename {legacy/radio => radio}/init_radio.te (100%) create mode 100644 radio/keys.conf rename {legacy/radio => radio}/logger_app.te (91%) rename {legacy/radio => radio}/mac_permissions.xml (100%) rename {legacy/radio => radio}/modem_diagnostic_app.te (100%) rename {legacy/radio => radio}/modem_logging_control.te (100%) rename {legacy/radio => radio}/modem_ml_svc_sit.te (100%) rename {legacy/radio => radio}/modem_svc_sit.te (100%) rename {legacy/radio => radio}/oemrilservice_app.te (100%) rename {legacy/radio => radio}/private/radio.te (100%) rename {legacy/radio => radio}/private/service_contexts (100%) rename {legacy/radio => radio}/property.te (100%) rename {legacy/radio => radio}/property_contexts (100%) rename {legacy/radio => radio}/rfsd.te (100%) rename {legacy/radio => radio}/sced.te (100%) rename {legacy/radio => radio}/seapp_contexts (100%) rename {legacy/radio => radio}/ssr_detector.te (100%) rename {legacy/radio => radio}/vcd.te (100%) rename {legacy/radio => radio}/vendor_engineermode_app.te (100%) rename {legacy/radio => radio}/vendor_ims_app.te (100%) rename {legacy/radio => radio}/vendor_ims_remote_app.te (100%) rename {legacy/radio => radio}/vendor_init.te (100%) rename {legacy/radio => radio}/vendor_qualifiednetworks_app.te (100%) rename {legacy/radio => radio}/vendor_rcs_app.te (100%) rename {legacy/radio => radio}/vendor_rcs_service_app.te (100%) rename {legacy/radio => radio}/vendor_silentlogging_remote_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_debug_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_silentlogging_app.te (100%) rename {legacy/radio => radio}/vendor_telephony_test_app.te (100%) rename {legacy/radio => radio}/vold.te (100%) rename {legacy/system_ext => system_ext}/private/platform_app.te (100%) create mode 100644 tracking_denials/con_monitor_app.te create mode 100644 tracking_denials/dumpstate.te create mode 100644 tracking_denials/fastbootd.te create mode 100644 tracking_denials/hal_sensors_default.te create mode 100644 tracking_denials/hal_usb_impl.te create mode 100644 tracking_denials/incidentd.te create mode 100644 tracking_denials/kernel.te rename {legacy/tracking_denials => tracking_denials}/rebalance_interrupts_vendor.te (100%) create mode 100644 tracking_denials/ssr_detector_app.te create mode 100644 tracking_denials/update_engine.te create mode 100644 tracking_denials/vendor_init.te rename {legacy/vendor => vendor}/audioserver.te (100%) rename {legacy/vendor => vendor}/bootanim.te (100%) rename {legacy/vendor => vendor}/cccdk_timesync_app.te (77%) rename {legacy/vendor => vendor}/charger_vendor.te (100%) create mode 100644 vendor/con_monitor_app.te create mode 100644 vendor/debug_camera_app.te rename {legacy/vendor => vendor}/domain.te (100%) rename {legacy/vendor => vendor}/dump_gsa.te (100%) rename {legacy/vendor => vendor}/dump_power.te (100%) rename {legacy/vendor => vendor}/dump_wlan.te (100%) rename {legacy/vendor => vendor}/dumpstate.te (100%) rename {legacy/vendor => vendor}/e2fs.te (100%) rename {legacy/vendor => vendor}/euiccpixel_app.te (100%) rename {legacy/vendor => vendor}/fsck.te (100%) create mode 100644 vendor/google_camera_app.te create mode 100644 vendor/gxp_logging.te rename {legacy/vendor => vendor}/hal_bluetooth_btlinux.te (100%) rename {legacy/vendor => vendor}/hal_bootctl_default.te (77%) rename {legacy/vendor => vendor}/hal_camera_default.te (93%) rename {legacy/vendor => vendor}/hal_contexthub_default.te (100%) rename {legacy/vendor => vendor}/hal_fingerprint_default.te (91%) rename {legacy/vendor => vendor}/hal_graphics_composer_default.te (100%) rename {legacy/vendor => vendor}/hal_memtrack_default.te (100%) rename {legacy/vendor => vendor}/hal_nfc_default.te (100%) rename {legacy/vendor => vendor}/hal_power_default.te (66%) rename {legacy/vendor => vendor}/hal_power_stats_default.te (94%) rename {legacy/vendor => vendor}/hal_radioext_default.te (100%) rename {legacy/vendor => vendor}/hal_secure_element_st54spi_aidl.te (100%) rename {legacy/vendor => vendor}/hal_secure_element_uicc.te (100%) rename {legacy/vendor => vendor}/hal_sensors_default.te (91%) rename {legacy/vendor => vendor}/hal_thermal_default.te (100%) rename {legacy/vendor => vendor}/hal_usb_gadget_impl.te (100%) rename {legacy/vendor => vendor}/hal_usb_impl.te (93%) rename {legacy/vendor => vendor}/hal_uwb_vendor_default.te (54%) rename {legacy/vendor => vendor}/hal_wifi_ext.te (100%) rename {legacy/vendor => vendor}/hal_wireless_charger.te (100%) rename {legacy/vendor => vendor}/hwservice.te (100%) rename {legacy/vendor => vendor}/hwservice_contexts (100%) rename {legacy/vendor => vendor}/init.te (100%) rename {legacy/vendor => vendor}/insmod-sh.te (100%) rename {legacy/vendor => vendor}/installd.te (100%) create mode 100644 vendor/kernel.te rename {legacy/vendor => vendor}/logd.te (100%) rename {legacy/vendor => vendor}/mac_permissions.xml (100%) rename {legacy/vendor => vendor}/mediacodec_google.te (95%) create mode 100644 vendor/pixeldisplayservice_app.te rename {legacy/vendor => vendor}/platform_app.te (100%) rename {legacy/vendor => vendor}/property.te (87%) rename {legacy/vendor => vendor}/property_contexts (87%) rename {legacy/vendor => vendor}/ramdump_app.te (100%) rename {legacy/vendor => vendor}/recovery.te (100%) rename {legacy/vendor => vendor}/rlsservice.te (100%) create mode 100644 vendor/seapp_contexts rename {legacy/vendor => vendor}/service.te (100%) rename {legacy/vendor => vendor}/service_contexts (100%) rename {legacy/vendor => vendor}/shell.te (100%) rename {legacy/vendor => vendor}/surfaceflinger.te (100%) rename {legacy/vendor => vendor}/system_app.te (100%) rename {legacy/vendor => vendor}/system_server.te (82%) rename {legacy/vendor => vendor}/systemui_app.te (100%) rename {legacy/vendor => vendor}/tcpdump_logger.te (100%) rename {legacy/vendor => vendor}/tee.te (100%) rename {legacy/vendor => vendor}/toolbox.te (100%) rename {legacy/vendor => vendor}/trusty_apploader.te (100%) rename {legacy/vendor => vendor}/trusty_metricsd.te (100%) rename {legacy/vendor => vendor}/twoshay.te (100%) rename {legacy/vendor => vendor}/ufs_firmware_update.te (100%) rename {legacy/vendor => vendor}/update_engine.te (100%) rename {legacy/vendor => vendor}/uwb_vendor_app.te (100%) rename {legacy/vendor => vendor}/vendor_init.te (88%) rename {legacy/vendor => vendor}/vendor_uwb_init.te (53%) rename {legacy/vendor => vendor}/vndservice.te (100%) rename {legacy/vendor => vendor}/vndservice_contexts (100%) rename {legacy/vendor => vendor}/wifi_sniffer.te (100%) rename {legacy/widevine => widevine}/file.te (100%) rename {legacy/widevine => widevine}/file_contexts (100%) rename {legacy/widevine => widevine}/hal_drm_clearkey.te (100%) rename {legacy/widevine => widevine}/hal_drm_widevine.te (100%) rename {legacy/widevine => widevine}/service_contexts (100%) diff --git a/legacy/OWNERS b/legacy/OWNERS deleted file mode 100644 index 791abb4..0000000 --- a/legacy/OWNERS +++ /dev/null @@ -1,3 +0,0 @@ -include platform/system/sepolicy:/OWNERS - -rurumihong@google.com diff --git a/legacy/legacy/system_ext/private/property_contexts b/legacy/legacy/system_ext/private/property_contexts deleted file mode 100644 index 9f462bd..0000000 --- a/legacy/legacy/system_ext/private/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/legacy/system_ext/public/property.te b/legacy/legacy/system_ext/public/property.te deleted file mode 100644 index 8908e48..0000000 --- a/legacy/legacy/system_ext/public/property.te +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/legacy/whitechapel_pro/keys.conf b/legacy/legacy/whitechapel_pro/keys.conf deleted file mode 100644 index acc82e4..0000000 --- a/legacy/legacy/whitechapel_pro/keys.conf +++ /dev/null @@ -1,5 +0,0 @@ -[@UWB] -ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem - -[@EUICCSUPPORTPIXEL] -ALL : device/google/zuma-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/private/property_contexts b/legacy/private/property_contexts similarity index 100% rename from legacy/legacy/private/property_contexts rename to legacy/private/property_contexts diff --git a/legacy/radio/keys.conf b/legacy/radio/keys.conf deleted file mode 100644 index 4784c60..0000000 --- a/legacy/radio/keys.conf +++ /dev/null @@ -1,3 +0,0 @@ -[@MDS] -ALL : device/google/zuma-sepolicy/radio/certs/com_google_mds.x509.pem - diff --git a/legacy/radio/radio.te b/legacy/radio/radio.te deleted file mode 100644 index 221c812..0000000 --- a/legacy/radio/radio.te +++ /dev/null @@ -1,8 +0,0 @@ -set_prop(radio, telephony_ril_prop) - -allow radio radio_vendor_data_file:dir rw_dir_perms; -allow radio radio_vendor_data_file:file create_file_perms; -allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; -allow radio aoc_device:chr_file rw_file_perms; -allow radio hal_audio_ext_hwservice:hwservice_manager find; -binder_call(radio, hal_audio_default) diff --git a/legacy/radio/rild.te b/legacy/radio/rild.te deleted file mode 100644 index 3a2bac7..0000000 --- a/legacy/radio/rild.te +++ /dev/null @@ -1,42 +0,0 @@ -set_prop(rild, vendor_rild_prop) -set_prop(rild, vendor_modem_prop) -get_prop(rild, vendor_persist_config_default_prop) -get_prop(rild, vendor_carrier_prop) - -get_prop(rild, sota_prop) -get_prop(rild, system_boot_reason_prop) - -set_prop(rild, telephony_ril_prop) - -allow rild proc_net:file rw_file_perms; -allow rild radio_vendor_data_file:dir create_dir_perms; -allow rild radio_vendor_data_file:file create_file_perms; -allow rild rild_vendor_data_file:dir create_dir_perms; -allow rild rild_vendor_data_file:file create_file_perms; -allow rild vendor_fw_file:file r_file_perms; -allow rild mnt_vendor_file:dir r_dir_perms; - -r_dir_file(rild, modem_img_file) - -binder_call(rild, bipchmgr) -binder_call(rild, gpsd) -binder_call(rild, hal_audio_default) -binder_call(rild, modem_svc_sit) -binder_call(rild, vendor_ims_app) -binder_call(rild, vendor_rcs_app) -binder_call(rild, oemrilservice_app) -binder_call(rild, hal_secure_element_uicc) -binder_call(rild, grilservice_app) -binder_call(rild, vendor_engineermode_app) -binder_call(rild, vendor_telephony_debug_app) -binder_call(rild, logger_app) - -crash_dump_fallback(rild) - -# for hal service -add_hwservice(rild, hal_exynos_rild_hwservice) - -# Allow rild to access files on modem img. -allow rild modem_img_file:dir r_dir_perms; -allow rild modem_img_file:file r_file_perms; -allow rild modem_img_file:lnk_file r_file_perms; diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts index e69de29..9f462bd 100644 --- a/legacy/system_ext/private/property_contexts +++ b/legacy/system_ext/private/property_contexts @@ -0,0 +1,2 @@ +# Fingerprint (UDFPS) GHBM/LHBM toggle +persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/private/seapp_contexts b/legacy/system_ext/private/seapp_contexts deleted file mode 100644 index e69de29..0000000 diff --git a/legacy/system_ext/private/systemui_app.te b/legacy/system_ext/private/systemui_app.te deleted file mode 100644 index 99f30ac..0000000 --- a/legacy/system_ext/private/systemui_app.te +++ /dev/null @@ -1,20 +0,0 @@ - -allow systemui_app app_api_service:service_manager find; -allow systemui_app network_score_service:service_manager find; -allow systemui_app overlay_service:service_manager find; -allow systemui_app color_display_service:service_manager find; -allow systemui_app audioserver_service:service_manager find; -allow systemui_app cameraserver_service:service_manager find; -allow systemui_app mediaserver_service:service_manager find; -allow systemui_app mediaextractor_service:service_manager find; -allow systemui_app mediametrics_service:service_manager find; -allow systemui_app radio_service:service_manager find; -allow systemui_app vr_manager_service:service_manager find; -allow systemui_app nfc_service:service_manager find; -allow systemui_app adb_service:service_manager find; -allow systemui_app statsmanager_service:service_manager find; - -get_prop(systemui_app, keyguard_config_prop) -set_prop(systemui_app, bootanim_system_prop) -get_prop(systemui_app, qemu_hw_prop) - diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te index 2b30a6a..8908e48 100644 --- a/legacy/system_ext/public/property.te +++ b/legacy/system_ext/public/property.te @@ -1,4 +1,2 @@ -# Telephony -userdebug_or_eng(` - set_prop(shell, telephony_ril_prop) -') +# Fingerprint (UDFPS) GHBM/LHBM toggle +system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/system_ext/public/systemui_app.te b/legacy/system_ext/public/systemui_app.te deleted file mode 100644 index e69de29..0000000 diff --git a/legacy/tracking_denials/README.txt b/legacy/tracking_denials/README.txt deleted file mode 100644 index 6cfc62d..0000000 --- a/legacy/tracking_denials/README.txt +++ /dev/null @@ -1,2 +0,0 @@ -This folder stores known errors detected by PTS. Be sure to remove relevant -files to reproduce error log on latest ROMs. diff --git a/legacy/tracking_denials/bug_map b/legacy/tracking_denials/bug_map deleted file mode 100644 index 74f2fbb..0000000 --- a/legacy/tracking_denials/bug_map +++ /dev/null @@ -1,10 +0,0 @@ -dump_gxp vendor_gxp_prop file b/287898138 -dumpstate app_zygote process b/288049050 -hal_uwb_default debugfs file b/288049522 -incidentd debugfs_wakeup_sources file b/288049561 -incidentd incidentd anon_inode b/288049561 -insmod-sh insmod-sh key b/274374722 -insmod-sh vendor_regmap_debugfs dir b/274727542 -mtectrl unlabeled dir b/264483752 -systemui_app wm_trace_data_file dir b/288049075 -vendor_init proc file b/289856761 diff --git a/legacy/tracking_denials/kernel.te b/legacy/tracking_denials/kernel.te deleted file mode 100644 index 41b91bd..0000000 --- a/legacy/tracking_denials/kernel.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/263185161 -dontaudit kernel kernel:capability { net_bind_service }; diff --git a/legacy/vendor/certs/app.x509.pem b/legacy/vendor/certs/app.x509.pem deleted file mode 100644 index 8e3e627..0000000 --- a/legacy/vendor/certs/app.x509.pem +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIEqDCCA5CgAwIBAgIJANWFuGx90071MA0GCSqGSIb3DQEBBAUAMIGUMQswCQYD -VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g -VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE -AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe -Fw0wODA0MTUyMzM2NTZaFw0zNTA5MDEyMzM2NTZaMIGUMQswCQYDVQQGEwJVUzET -MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G -A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p -ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI -hvcNAQEBBQADggENADCCAQgCggEBANbOLggKv+IxTdGNs8/TGFy0PTP6DHThvbbR -24kT9ixcOd9W+EaBPWW+wPPKQmsHxajtWjmQwWfna8mZuSeJS48LIgAZlKkpFeVy -xW0qMBujb8X8ETrWy550NaFtI6t9+u7hZeTfHwqNvacKhp1RbE6dBRGWynwMVX8X -W8N1+UjFaq6GCJukT4qmpN2afb8sCjUigq0GuMwYXrFVee74bQgLHWGJwPmvmLHC -69EH6kWr22ijx4OKXlSIx2xT1AsSHee70w5iDBiK4aph27yH3TxkXy9V89TDdexA -cKk/cVHYNnDBapcavl7y0RiQ4biu8ymM8Ga/nmzhRKya6G0cGw8CAQOjgfwwgfkw -HQYDVR0OBBYEFI0cxb6VTEM8YYY6FbBMvAPyT+CyMIHJBgNVHSMEgcEwgb6AFI0c -xb6VTEM8YYY6FbBMvAPyT+CyoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE -CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH -QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG -CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJANWFuGx90071MAwGA1Ud -EwQFMAMBAf8wDQYJKoZIhvcNAQEEBQADggEBABnTDPEF+3iSP0wNfdIjIz1AlnrP -zgAIHVvXxunW7SBrDhEglQZBbKJEk5kT0mtKoOD1JMrSu1xuTKEBahWRbqHsXcla -XjoBADb0kkjVEJu/Lh5hgYZnOjvlba8Ld7HCKePCVePoTJBdI4fvugnL8TsgK05a -IskyY0hKI9L8KfqfGTl1lzOv2KoWD0KWwtAWPoGChZxmQ+nBli+gwYMzM1vAkP+a -ayLe0a1EQimlOalO762r0GXO0ks+UeXde2Z4e+8S/pf7pITEI/tP+MxJTALw9QUW -Ev9lKTk+jkbqxbsh8nfBUapfKqYn0eidpwq2AzVp3juYl7//fKnaPhJD9gs= ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_eng.x509.pem b/legacy/vendor/certs/camera_eng.x509.pem deleted file mode 100644 index 011a9ec..0000000 --- a/legacy/vendor/certs/camera_eng.x509.pem +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx -EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw -NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE -ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO -OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR -+1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb -+DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg -UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX -TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj -rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB -TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK -pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY -DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG -ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 -rscXTxYEf4Tqovc= ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/camera_fishfood.x509.pem b/legacy/vendor/certs/camera_fishfood.x509.pem deleted file mode 100644 index fb11572..0000000 --- a/legacy/vendor/certs/camera_fishfood.x509.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ -BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n -bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w -HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL -MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv -b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 -bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ -jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B -IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe -tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td -0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg -Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b -aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== ------END CERTIFICATE----- diff --git a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem b/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem deleted file mode 100644 index 7b8c5b2..0000000 --- a/legacy/vendor/certs/com_google_android_apps_camera_services.x509.pem +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIGCzCCA/OgAwIBAgIVAIHtywgrR7O/EgQ+PeYSfHDaUDt8MA0GCSqGSIb3DQEBCwUAMIGUMQsw -CQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEU -MBIGA1UEChMLR29vZ2xlIEluYy4xEDAOBgNVBAsTB0FuZHJvaWQxMDAuBgNVBAMMJ2NvbV9nb29n -bGVfYW5kcm9pZF9hcHBzX2NhbWVyYV9zZXJ2aWNlczAgFw0yMTA2MzAyMzI2MThaGA8yMDUxMDYz -MDIzMjYxOFowgZQxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1N -b3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEwMC4G -A1UEAwwnY29tX2dvb2dsZV9hbmRyb2lkX2FwcHNfY2FtZXJhX3NlcnZpY2VzMIICIjANBgkqhkiG -9w0BAQEFAAOCAg8AMIICCgKCAgEAof2MqYxoQkV05oUZULYlNLDIJKryWjC8ha300YUktBNNVBSP -1y33+ZTBldm7drcBGo54S1JE1lCIP1dMxby0rNTJ8/Zv2bMVMjXX0haF5vULt64itDcR0SqUDfFR -UsHapPVmRmMpDOMOUYUbN7gjU7iYAc9oWBo6BFfckdpwwKfzYY/sgieen1E/MN7Zpzmefct3WDU5 -4Dc8mpoNsen3oqquieYAgv9FOw5gCIgsDaOfYFBgvAE08Pqo3J/zU6dAuqUJztNH8EhgTNbcaNVL -jCmofa+iIAjSpmP69jcgaUyfmH0EE3/m55qouVRJzqARvmEO/M7LEr3n1ZKKhDZdO6TJysMzP9g8 -pONPO8/3hTQ+GP+7fOQooNQJEGNgJuZOHSyNL/8nGCgHBZKgZdZPKk8HV2M578UDf8yNyV5AYpx0 -VK1JdoBtNMzp0cv7Q6TTugIuDEzT3jmgGGp6WmXE6B9dJOq+cnVC7cSYva8wctFS3RpoqT79vkW3 -A7g2b26bM5GMQ8KcGC4qm4pJkrX5kKZWZGWXjm0F8gRJQ5D0S/AcUw3B+sG/AmfQzLm8SCK36HhO -sFnPsQJ/VdL7kg9HHWrQYVexNaQnD/QLOCenk09COUzSwexws+kQhUH45OSbQFjOJwPbS4YAn9qV -eV+DPlvemZEFYF5+MVlDwOGQ3JsCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtjMO -nlaC4nsk4PwT+fcIYpg52JQwHwYDVR0jBBgwFoAUtjMOnlaC4nsk4PwT+fcIYpg52JQwDQYJKoZI -hvcNAQELBQADggIBABhYDqPD2yWiXNCVtHk6h7Kb2H2U3rc8G7Or1/mwrXSCEgqHnCkpiWeb1h/5 -YNS9fRrexQD+O0hukCpjvIFccQvk8EkZdWpn4kDlrUqfakWpASzlwEqRviS31Hiybn/+QUpYuDTm -FYorrHzDzPiNttzxVK0ENt4T4ETDWVqiGB7tbTlLPr6tz/oxDjRH8y4iS/For7SkfdI512txJgDr -njvRVY9WJykySs+AAqwS1PIMXGoI03UmLJUsFNUjHehaqguPS1uiewlKiQq07blWbnQXdcyH7QTI -hOUPY2rRBh8ciXu4L0Uk4To7+DP/8nHSGC7qXPvP6W3gqW1hj0d6GviMEfJ9fBSUEzaCRF3aL/5e -JOGQQKxh7Jsl/zZs4+MYg0Q2cyg/BQVNNOhESG4et4OV5go9W+1oAy20FV0NgtdPoeb9ABNoi4T3 -IrKLgxOsbACpoDt3zPhncqiJhX3feFtyVV4oRiylydiiYO927qNdfMGmcnGFSG4814kUxSdpkoCA -V7WCQD42zfBYj4pkdZwiJW4yZSaPWN/Eodi3PBsV+10Y1O1WOvebJuTGmcvWWMCPGtFQJDijUy4H -r8rDe3ZmRGQ+vEGPJZC8nx9+qxLQ314ZCzdS0R1HwRRuOji3fCSCnaPQuCFe3YlzhB2j6fRGNf7F -DB17LhMLl0GxX9j1 ------END CERTIFICATE----- diff --git a/legacy/vendor/chre.te b/legacy/vendor/chre.te deleted file mode 100644 index a1d1ca5..0000000 --- a/legacy/vendor/chre.te +++ /dev/null @@ -1,16 +0,0 @@ -type chre, domain; -type chre_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(chre) - -# Permit communication with AoC -allow chre aoc_device:chr_file rw_file_perms; - -# Allow CHRE to determine AoC's current clock -allow chre sysfs_aoc:dir search; -allow chre sysfs_aoc_boottime:file r_file_perms; - -# Allow CHRE to create thread to watch AOC's device -allow chre device:dir r_dir_perms; - -# Allow CHRE to use WakeLock -wakelock_use(chre) diff --git a/legacy/vendor/con_monitor_app.te b/legacy/vendor/con_monitor_app.te deleted file mode 100644 index 7690191..0000000 --- a/legacy/vendor/con_monitor_app.te +++ /dev/null @@ -1,12 +0,0 @@ -# ConnectivityMonitor app -type con_monitor_app, domain; -app_domain(con_monitor_app); - -allow con_monitor_app app_api_service:service_manager find; -allow con_monitor_app batterystats_service:service_manager find; -allow con_monitor_app virtual_device_service:service_manager find; - -binder_call(con_monitor_app, system_server); -binder_call(con_monitor_app, servicemanager); - -set_prop(con_monitor_app, radio_prop); diff --git a/legacy/vendor/debug_camera_app.te b/legacy/vendor/debug_camera_app.te deleted file mode 100644 index 37a19ec..0000000 --- a/legacy/vendor/debug_camera_app.te +++ /dev/null @@ -1,26 +0,0 @@ - -userdebug_or_eng(` - app_domain(debug_camera_app) - net_domain(debug_camera_app) - - allow debug_camera_app app_api_service:service_manager find; - allow debug_camera_app audioserver_service:service_manager find; - allow debug_camera_app cameraserver_service:service_manager find; - allow debug_camera_app mediaextractor_service:service_manager find; - allow debug_camera_app mediametrics_service:service_manager find; - allow debug_camera_app mediaserver_service:service_manager find; - - # Allows GCA-Eng & GCA-Next access the GXP device and properties. - allow debug_camera_app gxp_device:chr_file rw_file_perms; - get_prop(debug_camera_app, vendor_gxp_prop) - - # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. - allow debug_camera_app edgetpu_app_service:service_manager find; - allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - - # Allows GCA_Eng & GCA-Next to access the PowerHAL. - hal_client_domain(debug_camera_app, hal_power) - - # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. - allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; -') diff --git a/legacy/vendor/device.te b/legacy/vendor/device.te deleted file mode 100644 index f63086d..0000000 --- a/legacy/vendor/device.te +++ /dev/null @@ -1,29 +0,0 @@ -type persist_block_device, dev_type; -type tee_persist_block_device, dev_type; -type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; -type mfg_data_block_device, dev_type; -type ufs_internal_block_device, dev_type; -type logbuffer_device, dev_type; -type gxp_device, dev_type, mlstrustedobject; -type hw_jpg_device, dev_type; -userdebug_or_eng(` - typeattribute hw_jpg_device mlstrustedobject; -') -type fingerprint_device, dev_type; -type uci_device, dev_type; - -# Dmabuf heaps -type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; -type faceauth_heap_device, dmabuf_heap_device_type, dev_type; -type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; -type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; - -# SecureElement SPI device -type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/vendor/disable-contaminant-detection-sh.te b/legacy/vendor/disable-contaminant-detection-sh.te deleted file mode 100644 index 95845a1..0000000 --- a/legacy/vendor/disable-contaminant-detection-sh.te +++ /dev/null @@ -1,7 +0,0 @@ -type disable-contaminant-detection-sh, domain; -type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(disable-contaminant-detection-sh) - -allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; -allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; -allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/legacy/vendor/dump_cma.te b/legacy/vendor/dump_cma.te deleted file mode 100644 index bf5edf2..0000000 --- a/legacy/vendor/dump_cma.te +++ /dev/null @@ -1,7 +0,0 @@ -pixel_bugreport(dump_cma) - -userdebug_or_eng(` - allow dump_cma vendor_toolbox_exec:file execute_no_trans; - allow dump_cma vendor_cma_debugfs:dir r_dir_perms; - allow dump_cma vendor_cma_debugfs:file r_file_perms; -') diff --git a/legacy/vendor/fastbootd.te b/legacy/vendor/fastbootd.te deleted file mode 100644 index c7f6a88..0000000 --- a/legacy/vendor/fastbootd.te +++ /dev/null @@ -1,6 +0,0 @@ -recovery_only(` - allow fastbootd devinfo_block_device:blk_file rw_file_perms; - allow fastbootd sda_block_device:blk_file rw_file_perms; - allow fastbootd sysfs_ota:file rw_file_perms; - allow fastbootd st54spi_device:chr_file rw_file_perms; -') diff --git a/legacy/vendor/file.te b/legacy/vendor/file.te deleted file mode 100644 index 357643a..0000000 --- a/legacy/vendor/file.te +++ /dev/null @@ -1,57 +0,0 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; -type persist_uwb_file, file_type, vendor_persist_type; - -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; -type sysfs_pca, sysfs_type, fs_type; -type sysfs_aoc_udfps, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; -type sysfs_gsa_log, sysfs_type, fs_type; - -# Gxp sysfs file -type sysfs_gxp, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type sensor_reg_data_file, file_type, data_file_type; -type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; -type uwb_data_vendor, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; -type sysfs_ospm, sysfs_type, fs_type; diff --git a/legacy/vendor/file_contexts b/legacy/vendor/file_contexts deleted file mode 100644 index 912e59d..0000000 --- a/legacy/vendor/file_contexts +++ /dev/null @@ -1,181 +0,0 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zuma u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot-service\.default-zuma u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_cma\.sh u:object_r:dump_cma_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 -/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 -# Vendor libraries -/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libhwjpeg\.so u:object_r:same_process_hal_file:s0 -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 -/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/goodix_fp u:object_r:fingerprint_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpif u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-nautius u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 -/dev/video12 u:object_r:hw_jpg_device:s0 -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/vendor/genfs_contexts b/legacy/vendor/genfs_contexts deleted file mode 100644 index 809910b..0000000 --- a/legacy/vendor/genfs_contexts +++ /dev/null @@ -1,501 +0,0 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# OSPM -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2 u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - -# Gxp -genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 - -# debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 - -# Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - -# disable contaminant detection -genfscon sysfs /devices/platform/10cb0000.hsi2c u:object_r:sysfs_batteryinfo:s0 - -# Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/chg_stats u:object_r:sysfs_pca:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/0-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/1-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/2-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/3-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/4-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/5-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/7-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/8-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/2-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/2-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/3-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/3-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/4-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/4-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/5-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/5-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/6-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/6-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/7-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/8-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/hint_power_on u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_set_clock_source u:object_r:sysfs_aoc_udfps:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_osc_freq u:object_r:sysfs_aoc_udfps:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/udfps_get_disp_freq u:object_r:sysfs_aoc_udfps:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 diff --git a/legacy/vendor/google_camera_app.te b/legacy/vendor/google_camera_app.te deleted file mode 100644 index f9f5fa0..0000000 --- a/legacy/vendor/google_camera_app.te +++ /dev/null @@ -1,23 +0,0 @@ - -allow google_camera_app app_api_service:service_manager find; -allow google_camera_app audioserver_service:service_manager find; -allow google_camera_app cameraserver_service:service_manager find; -allow google_camera_app mediaextractor_service:service_manager find; -allow google_camera_app mediametrics_service:service_manager find; -allow google_camera_app mediaserver_service:service_manager find; - -# Allows GCA to acccess the GXP device. -allow google_camera_app gxp_device:chr_file rw_file_perms; - -# Allow GCA to access the GXP properies. -get_prop(google_camera_app, vendor_gxp_prop) - -# Allows GCA to access the PowerHAL. -hal_client_domain(google_camera_app, hal_power) - -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; - -# Library code may try to access vendor properties, but should be denied -dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/legacy/vendor/gxp_logging.te b/legacy/vendor/gxp_logging.te deleted file mode 100644 index fb78c53..0000000 --- a/legacy/vendor/gxp_logging.te +++ /dev/null @@ -1,22 +0,0 @@ -type gxp_logging, domain; -type gxp_logging_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(gxp_logging) - -# The logging service accesses /dev/gxp -allow gxp_logging gxp_device:chr_file rw_file_perms; - -# Allow logging service to access /sys/class/gxp -allow gxp_logging sysfs_gxp:dir search; -allow gxp_logging sysfs_gxp:file rw_file_perms; - -# Allow logging service to log to stats service for reporting metrics. -allow gxp_logging fwk_stats_service:service_manager find; -binder_call(gxp_logging, system_server); -binder_use(gxp_logging) - -# Allow logging service to read gxp properties. -get_prop(gxp_logging, vendor_gxp_prop) - -# Allow gxp tracing service to send packets to Perfetto -userdebug_or_eng(`perfetto_producer(gxp_logging)') - diff --git a/legacy/vendor/hal_graphics_allocator_default.te b/legacy/vendor/hal_graphics_allocator_default.te deleted file mode 100644 index b624db1..0000000 --- a/legacy/vendor/hal_graphics_allocator_default.te +++ /dev/null @@ -1,6 +0,0 @@ -allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; -allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; diff --git a/legacy/vendor/hal_health_default.te b/legacy/vendor/hal_health_default.te deleted file mode 100644 index 36e6cb1..0000000 --- a/legacy/vendor/hal_health_default.te +++ /dev/null @@ -1,16 +0,0 @@ -allow hal_health_default mnt_vendor_file:dir search; -allow hal_health_default persist_file:dir search; -allow hal_health_default persist_battery_file:file create_file_perms; -allow hal_health_default persist_battery_file:dir rw_dir_perms; - -set_prop(hal_health_default, vendor_battery_defender_prop) -set_prop(hal_health_default, vendor_shutdown_prop) - -allow hal_health_default fwk_stats_service:service_manager find; - -# Access to /sys/devices/platform/13200000.ufs/* -allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; - -allow hal_health_default sysfs_wlc:dir search; -allow hal_health_default sysfs_batteryinfo:file w_file_perms; diff --git a/legacy/vendor/kernel.te b/legacy/vendor/kernel.te deleted file mode 100644 index 28f140a..0000000 --- a/legacy/vendor/kernel.te +++ /dev/null @@ -1,24 +0,0 @@ -allow kernel vendor_fw_file:dir r_dir_perms; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -dontaudit kernel vendor_maxfg_debugfs:dir search; -dontaudit kernel sepolicy_file:file getattr; -dontaudit kernel system_bootstrap_lib_file:dir getattr; -dontaudit kernel system_bootstrap_lib_file:file getattr; -dontaudit kernel system_dlkm_file:dir getattr; -dontaudit kernel vendor_battery_debugfs:dir search; -dontaudit kernel vendor_charger_debugfs:dir search; - -allow kernel vendor_regmap_debugfs:dir search; - diff --git a/legacy/vendor/pixeldisplayservice_app.te b/legacy/vendor/pixeldisplayservice_app.te deleted file mode 100644 index 736f443..0000000 --- a/legacy/vendor/pixeldisplayservice_app.te +++ /dev/null @@ -1,11 +0,0 @@ - -allow pixeldisplayservice_app proc_vendor_sched:dir r_dir_perms; -allow pixeldisplayservice_app proc_vendor_sched:file w_file_perms; - -allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; -binder_call(pixeldisplayservice_app, hal_graphics_composer_default) - -# Standard system services -allow pixeldisplayservice_app app_api_service:service_manager find; - -allow pixeldisplayservice_app cameraserver_service:service_manager find; diff --git a/legacy/vendor/pixelstats_vendor.te b/legacy/vendor/pixelstats_vendor.te deleted file mode 100644 index f4f447a..0000000 --- a/legacy/vendor/pixelstats_vendor.te +++ /dev/null @@ -1,35 +0,0 @@ -# Battery history -allow pixelstats_vendor battery_history_device:chr_file r_file_perms; - -# BCL -allow pixelstats_vendor sysfs_bcl:dir search; -allow pixelstats_vendor sysfs_bcl:file r_file_perms; -allow pixelstats_vendor mitigation_vendor_data_file:dir search; -allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; -get_prop(pixelstats_vendor, vendor_brownout_reason_prop); - -#vendor-metrics -r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) -allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; -allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; - -# Wireless charge -allow pixelstats_vendor sysfs_wlc:dir search; -allow pixelstats_vendor sysfs_wlc:file rw_file_perms; - -# PCIe Link Statistics -allow pixelstats_vendor sysfs_pcie:dir search; -allow pixelstats_vendor sysfs_pcie:file rw_file_perms; - -allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; - -# Display -r_dir_file(pixelstats_vendor, sysfs_display) -allow pixelstats_vendor sysfs_display:lnk_file r_file_perms; - -#Thermal -r_dir_file(pixelstats_vendor, sysfs_thermal) -allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; - -# Pca charge -allow pixelstats_vendor sysfs_pca:file rw_file_perms; diff --git a/legacy/vendor/seapp_contexts b/legacy/vendor/seapp_contexts deleted file mode 100644 index f994993..0000000 --- a/legacy/vendor/seapp_contexts +++ /dev/null @@ -1,31 +0,0 @@ -# Domain for EuiccSupportPixel -user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all - -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - -# Domain for connectivity monitor -user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all - -# PixelDisplayService -user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldisplayservice_app type=app_data_file levelFrom=all - -# Google Camera -user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all - -# Google Camera Eng -user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all - -# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera -user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all - -# Also label GoogleCameraNext, built with debug keys as debug_camera_app. -user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all - -# Qorvo UWB system app -# TODO(b/222204912): Should this run under uwb user? -user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all - -# CccDkTimeSyncService -user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all - diff --git a/legacy/legacy/whitechapel_pro/attributes b/legacy/whitechapel_pro/attributes similarity index 100% rename from legacy/legacy/whitechapel_pro/attributes rename to legacy/whitechapel_pro/attributes diff --git a/legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem similarity index 100% rename from legacy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem rename to legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem similarity index 100% rename from legacy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem rename to legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem diff --git a/legacy/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te similarity index 70% rename from legacy/legacy/whitechapel_pro/device.te rename to legacy/whitechapel_pro/device.te index 7d31940..bf6f21c 100644 --- a/legacy/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -2,3 +2,6 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; + +# Raw HID device +type hidraw_device, dev_type; diff --git a/legacy/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te similarity index 82% rename from legacy/legacy/whitechapel_pro/file.te rename to legacy/whitechapel_pro/file.te index f59a80b..23d748b 100644 --- a/legacy/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -2,6 +2,8 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; @@ -17,6 +19,7 @@ type vendor_regmap_debugfs, fs_type, debugfs_type; # persist type persist_ss_file, file_type, vendor_persist_type; +type persist_uwb_file, file_type, vendor_persist_type; # Storage Health HAL type proc_f2fs, proc_type, fs_type; diff --git a/legacy/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts similarity index 93% rename from legacy/legacy/whitechapel_pro/file_contexts rename to legacy/whitechapel_pro/file_contexts index 3ee41cd..a9901c0 100644 --- a/legacy/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -41,8 +41,13 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 + +# Raw HID device +/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/genfs_contexts rename to legacy/whitechapel_pro/genfs_contexts diff --git a/legacy/legacy/whitechapel_pro/hal_input_processor_default.te b/legacy/whitechapel_pro/hal_input_processor_default.te similarity index 100% rename from legacy/legacy/whitechapel_pro/hal_input_processor_default.te rename to legacy/whitechapel_pro/hal_input_processor_default.te diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf new file mode 100644 index 0000000..76ea843 --- /dev/null +++ b/legacy/whitechapel_pro/keys.conf @@ -0,0 +1,5 @@ +[@UWB] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/legacy/whitechapel_pro/mac_permissions.xml b/legacy/whitechapel_pro/mac_permissions.xml similarity index 100% rename from legacy/legacy/whitechapel_pro/mac_permissions.xml rename to legacy/whitechapel_pro/mac_permissions.xml diff --git a/legacy/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te similarity index 100% rename from legacy/legacy/whitechapel_pro/property.te rename to legacy/whitechapel_pro/property.te diff --git a/legacy/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/property_contexts rename to legacy/whitechapel_pro/property_contexts diff --git a/legacy/legacy/whitechapel_pro/service.te b/legacy/whitechapel_pro/service.te similarity index 100% rename from legacy/legacy/whitechapel_pro/service.te rename to legacy/whitechapel_pro/service.te diff --git a/legacy/legacy/whitechapel_pro/service_contexts b/legacy/whitechapel_pro/service_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/service_contexts rename to legacy/whitechapel_pro/service_contexts diff --git a/legacy/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros similarity index 100% rename from legacy/legacy/whitechapel_pro/te_macros rename to legacy/whitechapel_pro/te_macros diff --git a/legacy/legacy/whitechapel_pro/vndservice.te b/legacy/whitechapel_pro/vndservice.te similarity index 100% rename from legacy/legacy/whitechapel_pro/vndservice.te rename to legacy/whitechapel_pro/vndservice.te diff --git a/legacy/legacy/whitechapel_pro/vndservice_contexts b/legacy/whitechapel_pro/vndservice_contexts similarity index 100% rename from legacy/legacy/whitechapel_pro/vndservice_contexts rename to legacy/whitechapel_pro/vndservice_contexts diff --git a/legacy/private/vendor_init.te b/private/vendor_init.te similarity index 100% rename from legacy/private/vendor_init.te rename to private/vendor_init.te diff --git a/legacy/radio/bipchmgr.te b/radio/bipchmgr.te similarity index 100% rename from legacy/radio/bipchmgr.te rename to radio/bipchmgr.te diff --git a/legacy/radio/cat_engine_service_app.te b/radio/cat_engine_service_app.te similarity index 100% rename from legacy/radio/cat_engine_service_app.te rename to radio/cat_engine_service_app.te diff --git a/legacy/radio/cbd.te b/radio/cbd.te similarity index 100% rename from legacy/radio/cbd.te rename to radio/cbd.te diff --git a/legacy/radio/cbrs_setup.te b/radio/cbrs_setup.te similarity index 100% rename from legacy/radio/cbrs_setup.te rename to radio/cbrs_setup.te diff --git a/legacy/radio/certs/com_google_mds.x509.pem b/radio/certs/com_google_mds.x509.pem similarity index 100% rename from legacy/radio/certs/com_google_mds.x509.pem rename to radio/certs/com_google_mds.x509.pem diff --git a/legacy/radio/device.te b/radio/device.te similarity index 100% rename from legacy/radio/device.te rename to radio/device.te diff --git a/legacy/radio/dmd.te b/radio/dmd.te similarity index 100% rename from legacy/radio/dmd.te rename to radio/dmd.te diff --git a/legacy/radio/file.te b/radio/file.te similarity index 100% rename from legacy/radio/file.te rename to radio/file.te diff --git a/legacy/radio/file_contexts b/radio/file_contexts similarity index 100% rename from legacy/radio/file_contexts rename to radio/file_contexts diff --git a/legacy/radio/fsck.te b/radio/fsck.te similarity index 100% rename from legacy/radio/fsck.te rename to radio/fsck.te diff --git a/legacy/radio/genfs_contexts b/radio/genfs_contexts similarity index 63% rename from legacy/radio/genfs_contexts rename to radio/genfs_contexts index 6f0199f..347e461 100644 --- a/legacy/radio/genfs_contexts +++ b/radio/genfs_contexts @@ -4,5 +4,8 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 +# GPS +genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 + # Modem -genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 diff --git a/legacy/radio/gpsd.te b/radio/gpsd.te similarity index 100% rename from legacy/radio/gpsd.te rename to radio/gpsd.te diff --git a/legacy/radio/grilservice_app.te b/radio/grilservice_app.te similarity index 92% rename from legacy/radio/grilservice_app.te rename to radio/grilservice_app.te index 16976c9..2525bab 100644 --- a/legacy/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -3,7 +3,6 @@ app_domain(grilservice_app) allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; diff --git a/legacy/radio/hal_radioext_default.te b/radio/hal_radioext_default.te similarity index 92% rename from legacy/radio/hal_radioext_default.te rename to radio/hal_radioext_default.te index 7bc0e96..6e17e19 100644 --- a/legacy/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -19,7 +19,6 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; # Twoshay binder_use(hal_radioext_default) diff --git a/legacy/radio/hwservice.te b/radio/hwservice.te similarity index 100% rename from legacy/radio/hwservice.te rename to radio/hwservice.te diff --git a/legacy/radio/hwservice_contexts b/radio/hwservice_contexts similarity index 100% rename from legacy/radio/hwservice_contexts rename to radio/hwservice_contexts diff --git a/legacy/radio/hwservicemanager.te b/radio/hwservicemanager.te similarity index 100% rename from legacy/radio/hwservicemanager.te rename to radio/hwservicemanager.te diff --git a/legacy/radio/init.te b/radio/init.te similarity index 100% rename from legacy/radio/init.te rename to radio/init.te diff --git a/legacy/radio/init_radio.te b/radio/init_radio.te similarity index 100% rename from legacy/radio/init_radio.te rename to radio/init_radio.te diff --git a/radio/keys.conf b/radio/keys.conf new file mode 100644 index 0000000..45db97d --- /dev/null +++ b/radio/keys.conf @@ -0,0 +1,3 @@ +[@MDS] +ALL : device/google/zumapro-sepolicy/radio/certs/com_google_mds.x509.pem + diff --git a/legacy/radio/logger_app.te b/radio/logger_app.te similarity index 91% rename from legacy/radio/logger_app.te rename to radio/logger_app.te index ab43385..098955d 100644 --- a/legacy/radio/logger_app.te +++ b/radio/logger_app.te @@ -5,9 +5,6 @@ userdebug_or_eng(` allow logger_app radio_vendor_data_file:file create_file_perms; allow logger_app radio_vendor_data_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; - allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; - - binder_call(logger_app, rild) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/legacy/radio/mac_permissions.xml b/radio/mac_permissions.xml similarity index 100% rename from legacy/radio/mac_permissions.xml rename to radio/mac_permissions.xml diff --git a/legacy/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te similarity index 100% rename from legacy/radio/modem_diagnostic_app.te rename to radio/modem_diagnostic_app.te diff --git a/legacy/radio/modem_logging_control.te b/radio/modem_logging_control.te similarity index 100% rename from legacy/radio/modem_logging_control.te rename to radio/modem_logging_control.te diff --git a/legacy/radio/modem_ml_svc_sit.te b/radio/modem_ml_svc_sit.te similarity index 100% rename from legacy/radio/modem_ml_svc_sit.te rename to radio/modem_ml_svc_sit.te diff --git a/legacy/radio/modem_svc_sit.te b/radio/modem_svc_sit.te similarity index 100% rename from legacy/radio/modem_svc_sit.te rename to radio/modem_svc_sit.te diff --git a/legacy/radio/oemrilservice_app.te b/radio/oemrilservice_app.te similarity index 100% rename from legacy/radio/oemrilservice_app.te rename to radio/oemrilservice_app.te diff --git a/legacy/radio/private/radio.te b/radio/private/radio.te similarity index 100% rename from legacy/radio/private/radio.te rename to radio/private/radio.te diff --git a/legacy/radio/private/service_contexts b/radio/private/service_contexts similarity index 100% rename from legacy/radio/private/service_contexts rename to radio/private/service_contexts diff --git a/legacy/radio/property.te b/radio/property.te similarity index 100% rename from legacy/radio/property.te rename to radio/property.te diff --git a/legacy/radio/property_contexts b/radio/property_contexts similarity index 100% rename from legacy/radio/property_contexts rename to radio/property_contexts diff --git a/radio/radio.te b/radio/radio.te index 7a75779..221c812 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,2 +1,8 @@ set_prop(radio, telephony_ril_prop) +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; +allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; +allow radio aoc_device:chr_file rw_file_perms; +allow radio hal_audio_ext_hwservice:hwservice_manager find; +binder_call(radio, hal_audio_default) diff --git a/legacy/radio/rfsd.te b/radio/rfsd.te similarity index 100% rename from legacy/radio/rfsd.te rename to radio/rfsd.te diff --git a/legacy/radio/sced.te b/radio/sced.te similarity index 100% rename from legacy/radio/sced.te rename to radio/sced.te diff --git a/legacy/radio/seapp_contexts b/radio/seapp_contexts similarity index 100% rename from legacy/radio/seapp_contexts rename to radio/seapp_contexts diff --git a/legacy/radio/ssr_detector.te b/radio/ssr_detector.te similarity index 100% rename from legacy/radio/ssr_detector.te rename to radio/ssr_detector.te diff --git a/legacy/radio/vcd.te b/radio/vcd.te similarity index 100% rename from legacy/radio/vcd.te rename to radio/vcd.te diff --git a/legacy/radio/vendor_engineermode_app.te b/radio/vendor_engineermode_app.te similarity index 100% rename from legacy/radio/vendor_engineermode_app.te rename to radio/vendor_engineermode_app.te diff --git a/legacy/radio/vendor_ims_app.te b/radio/vendor_ims_app.te similarity index 100% rename from legacy/radio/vendor_ims_app.te rename to radio/vendor_ims_app.te diff --git a/legacy/radio/vendor_ims_remote_app.te b/radio/vendor_ims_remote_app.te similarity index 100% rename from legacy/radio/vendor_ims_remote_app.te rename to radio/vendor_ims_remote_app.te diff --git a/legacy/radio/vendor_init.te b/radio/vendor_init.te similarity index 100% rename from legacy/radio/vendor_init.te rename to radio/vendor_init.te diff --git a/legacy/radio/vendor_qualifiednetworks_app.te b/radio/vendor_qualifiednetworks_app.te similarity index 100% rename from legacy/radio/vendor_qualifiednetworks_app.te rename to radio/vendor_qualifiednetworks_app.te diff --git a/legacy/radio/vendor_rcs_app.te b/radio/vendor_rcs_app.te similarity index 100% rename from legacy/radio/vendor_rcs_app.te rename to radio/vendor_rcs_app.te diff --git a/legacy/radio/vendor_rcs_service_app.te b/radio/vendor_rcs_service_app.te similarity index 100% rename from legacy/radio/vendor_rcs_service_app.te rename to radio/vendor_rcs_service_app.te diff --git a/legacy/radio/vendor_silentlogging_remote_app.te b/radio/vendor_silentlogging_remote_app.te similarity index 100% rename from legacy/radio/vendor_silentlogging_remote_app.te rename to radio/vendor_silentlogging_remote_app.te diff --git a/legacy/radio/vendor_telephony_debug_app.te b/radio/vendor_telephony_debug_app.te similarity index 100% rename from legacy/radio/vendor_telephony_debug_app.te rename to radio/vendor_telephony_debug_app.te diff --git a/legacy/radio/vendor_telephony_silentlogging_app.te b/radio/vendor_telephony_silentlogging_app.te similarity index 100% rename from legacy/radio/vendor_telephony_silentlogging_app.te rename to radio/vendor_telephony_silentlogging_app.te diff --git a/legacy/radio/vendor_telephony_test_app.te b/radio/vendor_telephony_test_app.te similarity index 100% rename from legacy/radio/vendor_telephony_test_app.te rename to radio/vendor_telephony_test_app.te diff --git a/legacy/radio/vold.te b/radio/vold.te similarity index 100% rename from legacy/radio/vold.te rename to radio/vold.te diff --git a/legacy/system_ext/private/platform_app.te b/system_ext/private/platform_app.te similarity index 100% rename from legacy/system_ext/private/platform_app.te rename to system_ext/private/platform_app.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te new file mode 100644 index 0000000..3baf986 --- /dev/null +++ b/tracking_denials/con_monitor_app.te @@ -0,0 +1,36 @@ +# b/261518779 +dontaudit con_monitor_app activity_service:service_manager { find }; +dontaudit con_monitor_app content_capture_service:service_manager { find }; +dontaudit con_monitor_app game_service:service_manager { find }; +dontaudit con_monitor_app netstats_service:service_manager { find }; +dontaudit con_monitor_app system_server:binder { call }; +dontaudit con_monitor_app system_server:binder { transfer }; +dontaudit con_monitor_app system_server:fd { use }; +# b/261783158 +dontaudit con_monitor_app system_file:file { getattr }; +dontaudit con_monitor_app system_file:file { map }; +dontaudit con_monitor_app system_file:file { open }; +dontaudit con_monitor_app system_file:file { read }; +dontaudit con_monitor_app tmpfs:file { execute }; +dontaudit con_monitor_app tmpfs:file { map }; +dontaudit con_monitor_app tmpfs:file { read }; +dontaudit con_monitor_app tmpfs:file { write }; +# b/261933171 +dontaudit con_monitor_app dumpstate:fd { use }; +dontaudit con_monitor_app dumpstate:fifo_file { append }; +dontaudit con_monitor_app dumpstate:fifo_file { write }; +dontaudit con_monitor_app system_server:fifo_file { write }; +dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; +dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; +# b/262455571 +dontaudit con_monitor_app data_file_type:dir { search }; +dontaudit con_monitor_app servicemanager:binder { call }; +dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; +dontaudit con_monitor_app statsdw_socket:sock_file { write }; +dontaudit con_monitor_app system_file:file { execute }; +# b/264489520 +userdebug_or_eng(` + permissive con_monitor_app; +') +# b/267843291 +dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te new file mode 100644 index 0000000..3313642 --- /dev/null +++ b/tracking_denials/dumpstate.te @@ -0,0 +1,2 @@ +# b/277155496 +dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te new file mode 100644 index 0000000..4428b68 --- /dev/null +++ b/tracking_denials/fastbootd.te @@ -0,0 +1,4 @@ +# b/264489957 +userdebug_or_eng(` + permissive fastbootd; +') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te new file mode 100644 index 0000000..601c2bb --- /dev/null +++ b/tracking_denials/hal_sensors_default.te @@ -0,0 +1,3 @@ +# b/267260619 +dontaudit hal_sensors_default dumpstate:fd { use }; +dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te new file mode 100644 index 0000000..08db477 --- /dev/null +++ b/tracking_denials/hal_usb_impl.te @@ -0,0 +1,2 @@ +# b/267261163 +dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te new file mode 100644 index 0000000..4bd4489 --- /dev/null +++ b/tracking_denials/incidentd.te @@ -0,0 +1,3 @@ +# b/261933310 +dontaudit incidentd debugfs_wakeup_sources:file { open }; +dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te new file mode 100644 index 0000000..23d091b --- /dev/null +++ b/tracking_denials/kernel.te @@ -0,0 +1,7 @@ +# b/262794429 +dontaudit kernel sepolicy_file:file { getattr }; +dontaudit kernel system_bootstrap_lib_file:dir { getattr }; +dontaudit kernel system_bootstrap_lib_file:file { getattr }; +dontaudit kernel system_dlkm_file:dir { getattr }; +# b/263185161 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/legacy/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te similarity index 100% rename from legacy/tracking_denials/rebalance_interrupts_vendor.te rename to tracking_denials/rebalance_interrupts_vendor.te diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te new file mode 100644 index 0000000..d1c8b73 --- /dev/null +++ b/tracking_denials/ssr_detector_app.te @@ -0,0 +1,6 @@ +# b/261651131 +dontaudit ssr_detector_app system_app_data_file:file { open }; +# b/264489567 +userdebug_or_eng(` + permissive ssr_detector_app; +') \ No newline at end of file diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te new file mode 100644 index 0000000..0de59ee --- /dev/null +++ b/tracking_denials/update_engine.te @@ -0,0 +1,2 @@ +# b/267261048 +dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te new file mode 100644 index 0000000..abfba26 --- /dev/null +++ b/tracking_denials/vendor_init.te @@ -0,0 +1,3 @@ +# b/260366195 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init vendor_init:capability2 { block_suspend }; diff --git a/legacy/vendor/audioserver.te b/vendor/audioserver.te similarity index 100% rename from legacy/vendor/audioserver.te rename to vendor/audioserver.te diff --git a/legacy/vendor/bootanim.te b/vendor/bootanim.te similarity index 100% rename from legacy/vendor/bootanim.te rename to vendor/bootanim.te diff --git a/legacy/vendor/cccdk_timesync_app.te b/vendor/cccdk_timesync_app.te similarity index 77% rename from legacy/vendor/cccdk_timesync_app.te rename to vendor/cccdk_timesync_app.te index 3948edc..f34c5f3 100644 --- a/legacy/vendor/cccdk_timesync_app.te +++ b/vendor/cccdk_timesync_app.te @@ -2,7 +2,6 @@ type vendor_cccdktimesync_app, domain; app_domain(vendor_cccdktimesync_app) allow vendor_cccdktimesync_app app_api_service:service_manager find; -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; diff --git a/legacy/vendor/charger_vendor.te b/vendor/charger_vendor.te similarity index 100% rename from legacy/vendor/charger_vendor.te rename to vendor/charger_vendor.te diff --git a/vendor/chre.te b/vendor/chre.te index ed15009..7c0ad8f 100644 --- a/vendor/chre.te +++ b/vendor/chre.te @@ -1,4 +1,20 @@ +type chre, domain; +type chre_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(chre) + +# Permit communication with AoC +allow chre aoc_device:chr_file rw_file_perms; + +# Allow CHRE to determine AoC's current clock +allow chre sysfs_aoc:dir search; +allow chre sysfs_aoc_boottime:file r_file_perms; + +# Allow CHRE to create thread to watch AOC's device +allow chre device:dir r_dir_perms; + # Allow CHRE to write to data to chre data directory allow chre chre_data_file:dir create_dir_perms; allow chre chre_data_file:file create_file_perms; +# Allow CHRE to use WakeLock +wakelock_use(chre) diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te new file mode 100644 index 0000000..814c5e8 --- /dev/null +++ b/vendor/con_monitor_app.te @@ -0,0 +1,3 @@ +# ConnectivityMonitor app +type con_monitor_app, domain; +app_domain(con_monitor_app); diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te new file mode 100644 index 0000000..08bf626 --- /dev/null +++ b/vendor/debug_camera_app.te @@ -0,0 +1,8 @@ +userdebug_or_eng(` + # Allows GCA-Eng & GCA-Next access the GXP device. + allow debug_camera_app gxp_device:chr_file rw_file_perms; + + # Allows GCA-Eng & GCA-Next to find and access the EdgeTPU. + allow debug_camera_app edgetpu_app_service:service_manager find; + allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; +') diff --git a/vendor/device.te b/vendor/device.te index ca6c3ca..226a697 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,3 +1,23 @@ +type persist_block_device, dev_type; +type tee_persist_block_device, dev_type; +type custom_ab_block_device, dev_type; +type devinfo_block_device, dev_type; +type mfg_data_block_device, dev_type; +type ufs_internal_block_device, dev_type; +type logbuffer_device, dev_type; +type gxp_device, dev_type, mlstrustedobject; +type fingerprint_device, dev_type; +type uci_device, dev_type; + # Dmabuf heaps +type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; +type faceauth_heap_device, dmabuf_heap_device_type, dev_type; +type vscaler_secure_heap_device, dmabuf_heap_device_type, dev_type; +type framebuffer_secure_heap_device, dmabuf_heap_device_type, dev_type; type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; +# SecureElement SPI device +type st54spi_device, dev_type; + +# OTA +type sda_block_device, dev_type; diff --git a/legacy/vendor/domain.te b/vendor/domain.te similarity index 100% rename from legacy/vendor/domain.te rename to vendor/domain.te diff --git a/legacy/vendor/dump_gsa.te b/vendor/dump_gsa.te similarity index 100% rename from legacy/vendor/dump_gsa.te rename to vendor/dump_gsa.te diff --git a/legacy/vendor/dump_power.te b/vendor/dump_power.te similarity index 100% rename from legacy/vendor/dump_power.te rename to vendor/dump_power.te diff --git a/legacy/vendor/dump_wlan.te b/vendor/dump_wlan.te similarity index 100% rename from legacy/vendor/dump_wlan.te rename to vendor/dump_wlan.te diff --git a/legacy/vendor/dumpstate.te b/vendor/dumpstate.te similarity index 100% rename from legacy/vendor/dumpstate.te rename to vendor/dumpstate.te diff --git a/legacy/vendor/e2fs.te b/vendor/e2fs.te similarity index 100% rename from legacy/vendor/e2fs.te rename to vendor/e2fs.te diff --git a/legacy/vendor/euiccpixel_app.te b/vendor/euiccpixel_app.te similarity index 100% rename from legacy/vendor/euiccpixel_app.te rename to vendor/euiccpixel_app.te diff --git a/vendor/file.te b/vendor/file.te index fbeb901..b97b93d 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,5 +1,54 @@ -# Faceauth -type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; # Data +type sensor_reg_data_file, file_type, data_file_type; type chre_data_file, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; + +# Faceauth +type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index 36e396a..1b60fe3 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,5 +1,33 @@ -# Vendor -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -7,18 +35,110 @@ /vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 +# Vendor libraries +/vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 + +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 + +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 + # Devices -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 /dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 /dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 @@ -26,14 +146,67 @@ /dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 /dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 /dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 /dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 /dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog u:object_r:lwis_device:s0 /dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 /dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 diff --git a/legacy/vendor/fsck.te b/vendor/fsck.te similarity index 100% rename from legacy/vendor/fsck.te rename to vendor/fsck.te diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a4c9852..e5e1b33 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,53 +1,539 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + # debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 +# Extcon +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + # Battery -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 # Faceauth genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te new file mode 100644 index 0000000..35cd86e --- /dev/null +++ b/vendor/google_camera_app.te @@ -0,0 +1,7 @@ +# Allows GCA to acccess the GXP device and search for the firmware file. +allow google_camera_app gxp_device:chr_file rw_file_perms; +allow google_camera_app vendor_fw_file:dir search; + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/vendor/gxp_logging.te b/vendor/gxp_logging.te new file mode 100644 index 0000000..000138a --- /dev/null +++ b/vendor/gxp_logging.te @@ -0,0 +1,10 @@ +type gxp_logging, domain; +type gxp_logging_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(gxp_logging) + +# The logging service accesses /dev/gxp +allow gxp_logging gxp_device:chr_file rw_file_perms; + +# Allow gxp tracing service to send packets to Perfetto +userdebug_or_eng(`perfetto_producer(gxp_logging)') + diff --git a/legacy/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te similarity index 100% rename from legacy/vendor/hal_bluetooth_btlinux.te rename to vendor/hal_bluetooth_btlinux.te diff --git a/legacy/vendor/hal_bootctl_default.te b/vendor/hal_bootctl_default.te similarity index 77% rename from legacy/vendor/hal_bootctl_default.te rename to vendor/hal_bootctl_default.te index 2ffeb27..2db4651 100644 --- a/legacy/vendor/hal_bootctl_default.te +++ b/vendor/hal_bootctl_default.te @@ -2,7 +2,3 @@ allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; allow hal_bootctl_default sysfs_ota:file rw_file_perms; allow hal_bootctl_default tee_device:chr_file rw_file_perms; - -recovery_only(` - allow hal_bootctl_default rootfs:dir r_dir_perms; -') diff --git a/legacy/vendor/hal_camera_default.te b/vendor/hal_camera_default.te similarity index 93% rename from legacy/vendor/hal_camera_default.te rename to vendor/hal_camera_default.te index e252b28..a7d9db9 100644 --- a/legacy/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -31,7 +31,6 @@ allow hal_camera_default vendor_camera_data_file:file create_file_perms; # Allow the camera hal to access the GXP device. allow hal_camera_default gxp_device:chr_file rw_file_perms; -get_prop(hal_camera_default, vendor_gxp_prop) # Allow creating dump files for debugging in non-release builds userdebug_or_eng(` @@ -81,9 +80,6 @@ allow hal_camera_default sysfs_leds:file r_file_perms; allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; binder_call(hal_camera_default, hal_radioext_default); -# Allows camera HAL to access the hw_jpeg /dev/video12. -allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; - # For camera hal to talk with rlsservice allow hal_camera_default rls_service:service_manager find; binder_call(hal_camera_default, rlsservice) @@ -101,6 +97,3 @@ dontaudit hal_camera_default system_data_file:dir { search }; # google3 prebuilts attempt to connect to the wrong trace socket, ignore them. dontaudit hal_camera_default traced:unix_stream_socket { connectto }; dontaudit hal_camera_default traced_producer_socket:sock_file { write }; - -# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes -wakelock_use(hal_camera_default) diff --git a/legacy/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te similarity index 100% rename from legacy/vendor/hal_contexthub_default.te rename to vendor/hal_contexthub_default.te diff --git a/legacy/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te similarity index 91% rename from legacy/vendor/hal_fingerprint_default.te rename to vendor/hal_fingerprint_default.te index b0a8116..6aa57dd 100644 --- a/legacy/vendor/hal_fingerprint_default.te +++ b/vendor/hal_fingerprint_default.te @@ -37,7 +37,3 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; - -# Allow fingerprint to access sysfs_aoc_udfps -allow hal_fingerprint_default sysfs_aoc:dir search; -allow hal_fingerprint_default sysfs_aoc_udfps:file rw_file_perms; diff --git a/vendor/hal_graphics_allocator_default.te b/vendor/hal_graphics_allocator_default.te index 08cd256..b624db1 100644 --- a/vendor/hal_graphics_allocator_default.te +++ b/vendor/hal_graphics_allocator_default.te @@ -1,2 +1,6 @@ +allow hal_graphics_allocator_default sensor_direct_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default faceauth_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default dmabuf_system_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default vscaler_secure_heap_device:chr_file r_file_perms; +allow hal_graphics_allocator_default framebuffer_secure_heap_device:chr_file r_file_perms; allow hal_graphics_allocator_default gcma_camera_heap_device:chr_file r_file_perms; - diff --git a/legacy/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te similarity index 100% rename from legacy/vendor/hal_graphics_composer_default.te rename to vendor/hal_graphics_composer_default.te diff --git a/vendor/hal_health_default.te b/vendor/hal_health_default.te index 033042b..c57ef34 100644 --- a/vendor/hal_health_default.te +++ b/vendor/hal_health_default.te @@ -1 +1,16 @@ +allow hal_health_default mnt_vendor_file:dir search; +allow hal_health_default persist_file:dir search; +allow hal_health_default persist_battery_file:file create_file_perms; +allow hal_health_default persist_battery_file:dir rw_dir_perms; + +set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) + +allow hal_health_default fwk_stats_service:service_manager find; + +# Access to /sys/devices/platform/13200000.ufs/* +allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; +allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; + +allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file rw_file_perms; diff --git a/legacy/vendor/hal_memtrack_default.te b/vendor/hal_memtrack_default.te similarity index 100% rename from legacy/vendor/hal_memtrack_default.te rename to vendor/hal_memtrack_default.te diff --git a/legacy/vendor/hal_nfc_default.te b/vendor/hal_nfc_default.te similarity index 100% rename from legacy/vendor/hal_nfc_default.te rename to vendor/hal_nfc_default.te diff --git a/legacy/vendor/hal_power_default.te b/vendor/hal_power_default.te similarity index 66% rename from legacy/vendor/hal_power_default.te rename to vendor/hal_power_default.te index 1f0cd3a..bb86aad 100644 --- a/legacy/vendor/hal_power_default.te +++ b/vendor/hal_power_default.te @@ -4,6 +4,4 @@ allow hal_power_default sysfs_camera:file rw_file_perms; allow hal_power_default sysfs_em_profile:file rw_file_perms; allow hal_power_default sysfs_display:file rw_file_perms; allow hal_power_default sysfs_trusty:file rw_file_perms; -allow hal_power_default sysfs_ospm:file rw_file_perms; -allow hal_power_default sysfs_scsi_devices_0000:file rw_file_perms; -set_prop(hal_power_default, vendor_camera_prop); +set_prop(hal_power_default, vendor_camera_prop); \ No newline at end of file diff --git a/legacy/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te similarity index 94% rename from legacy/vendor/hal_power_stats_default.te rename to vendor/hal_power_stats_default.te index 012debc..2845a0a 100644 --- a/legacy/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -3,7 +3,6 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) -r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm) diff --git a/legacy/vendor/hal_radioext_default.te b/vendor/hal_radioext_default.te similarity index 100% rename from legacy/vendor/hal_radioext_default.te rename to vendor/hal_radioext_default.te diff --git a/legacy/vendor/hal_secure_element_st54spi_aidl.te b/vendor/hal_secure_element_st54spi_aidl.te similarity index 100% rename from legacy/vendor/hal_secure_element_st54spi_aidl.te rename to vendor/hal_secure_element_st54spi_aidl.te diff --git a/legacy/vendor/hal_secure_element_uicc.te b/vendor/hal_secure_element_uicc.te similarity index 100% rename from legacy/vendor/hal_secure_element_uicc.te rename to vendor/hal_secure_element_uicc.te diff --git a/legacy/vendor/hal_sensors_default.te b/vendor/hal_sensors_default.te similarity index 91% rename from legacy/vendor/hal_sensors_default.te rename to vendor/hal_sensors_default.te index fe24c8a..b9f6a72 100644 --- a/legacy/vendor/hal_sensors_default.te +++ b/vendor/hal_sensors_default.te @@ -17,9 +17,6 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow sensor HAL to access the display service HAL allow hal_sensors_default hal_pixel_display_service:service_manager find; -# Allow sensor HAL to access the thermal service HAL -hal_client_domain(hal_sensors_default, hal_thermal); - # Allow reading of sensor registry persist files and camera persist files. allow hal_sensors_default mnt_vendor_file:dir search; allow hal_sensors_default persist_file:dir search; @@ -49,9 +46,6 @@ binder_call(hal_sensors_default, system_server); # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) -# Allow access to raw HID devices for dynamic sensors. -allow hal_sensors_default hidraw_device:chr_file rw_file_perms; - # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; diff --git a/legacy/vendor/hal_thermal_default.te b/vendor/hal_thermal_default.te similarity index 100% rename from legacy/vendor/hal_thermal_default.te rename to vendor/hal_thermal_default.te diff --git a/legacy/vendor/hal_usb_gadget_impl.te b/vendor/hal_usb_gadget_impl.te similarity index 100% rename from legacy/vendor/hal_usb_gadget_impl.te rename to vendor/hal_usb_gadget_impl.te diff --git a/legacy/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te similarity index 93% rename from legacy/vendor/hal_usb_impl.te rename to vendor/hal_usb_impl.te index 27d7bdd..15d74c5 100644 --- a/legacy/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -7,7 +7,6 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; -allow hal_usb_impl dumpstate:fd use; # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; diff --git a/legacy/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te similarity index 54% rename from legacy/vendor/hal_uwb_vendor_default.te rename to vendor/hal_uwb_vendor_default.te index ac5d7e7..06a67d0 100644 --- a/legacy/vendor/hal_uwb_vendor_default.te +++ b/vendor/hal_uwb_vendor_default.te @@ -3,7 +3,3 @@ type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default) -allow hal_uwb_default selinuxfs:file r_file_perms; - -allow hal_uwb_default uwb_data_vendor:dir create_dir_perms; -allow hal_uwb_default uwb_data_vendor:file create_file_perms; diff --git a/legacy/vendor/hal_wifi_ext.te b/vendor/hal_wifi_ext.te similarity index 100% rename from legacy/vendor/hal_wifi_ext.te rename to vendor/hal_wifi_ext.te diff --git a/legacy/vendor/hal_wireless_charger.te b/vendor/hal_wireless_charger.te similarity index 100% rename from legacy/vendor/hal_wireless_charger.te rename to vendor/hal_wireless_charger.te diff --git a/legacy/vendor/hwservice.te b/vendor/hwservice.te similarity index 100% rename from legacy/vendor/hwservice.te rename to vendor/hwservice.te diff --git a/legacy/vendor/hwservice_contexts b/vendor/hwservice_contexts similarity index 100% rename from legacy/vendor/hwservice_contexts rename to vendor/hwservice_contexts diff --git a/legacy/vendor/init.te b/vendor/init.te similarity index 100% rename from legacy/vendor/init.te rename to vendor/init.te diff --git a/legacy/vendor/insmod-sh.te b/vendor/insmod-sh.te similarity index 100% rename from legacy/vendor/insmod-sh.te rename to vendor/insmod-sh.te diff --git a/legacy/vendor/installd.te b/vendor/installd.te similarity index 100% rename from legacy/vendor/installd.te rename to vendor/installd.te diff --git a/vendor/kernel.te b/vendor/kernel.te new file mode 100644 index 0000000..0f2e18e --- /dev/null +++ b/vendor/kernel.te @@ -0,0 +1,15 @@ +allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +allow kernel vendor_regmap_debugfs:dir search; diff --git a/legacy/vendor/logd.te b/vendor/logd.te similarity index 100% rename from legacy/vendor/logd.te rename to vendor/logd.te diff --git a/legacy/vendor/mac_permissions.xml b/vendor/mac_permissions.xml similarity index 100% rename from legacy/vendor/mac_permissions.xml rename to vendor/mac_permissions.xml diff --git a/legacy/vendor/mediacodec_google.te b/vendor/mediacodec_google.te similarity index 95% rename from legacy/vendor/mediacodec_google.te rename to vendor/mediacodec_google.te index 3056cf9..1c6413a 100644 --- a/legacy/vendor/mediacodec_google.te +++ b/vendor/mediacodec_google.te @@ -16,7 +16,6 @@ allow mediacodec_google dmabuf_system_heap_device:chr_file r_file_perms; allow mediacodec_google dmabuf_system_secure_heap_device:chr_file r_file_perms; allow mediacodec_google video_device:chr_file rw_file_perms; allow mediacodec_google gpu_device:chr_file rw_file_perms; -allow mediacodec_google self:global_capability_class_set sys_nice; crash_dump_fallback(mediacodec_google) diff --git a/vendor/pixeldisplayservice_app.te b/vendor/pixeldisplayservice_app.te new file mode 100644 index 0000000..e9c8d78 --- /dev/null +++ b/vendor/pixeldisplayservice_app.te @@ -0,0 +1,2 @@ +allow pixeldisplayservice_app hal_pixel_display_service:service_manager find; +binder_call(pixeldisplayservice_app, hal_graphics_composer_default) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 14824fc..192616b 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,5 +1,28 @@ +# Batery history +allow pixelstats_vendor battery_history_device:chr_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file rw_file_perms; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); + #vendor-metrics r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; +# Wireless charge +allow pixelstats_vendor sysfs_wlc:dir search; +allow pixelstats_vendor sysfs_wlc:file rw_file_perms; + +# PCIe Link Statistics +allow pixelstats_vendor sysfs_pcie:dir search; +allow pixelstats_vendor sysfs_pcie:file rw_file_perms; + +allow pixelstats_vendor sysfs_pixelstats:file r_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; diff --git a/legacy/vendor/platform_app.te b/vendor/platform_app.te similarity index 100% rename from legacy/vendor/platform_app.te rename to vendor/platform_app.te diff --git a/legacy/vendor/property.te b/vendor/property.te similarity index 87% rename from legacy/vendor/property.te rename to vendor/property.te index 814beb2..105574b 100644 --- a/legacy/vendor/property.te +++ b/vendor/property.te @@ -16,6 +16,3 @@ vendor_restricted_prop(vendor_arm_runtime_option_prop) # ArmNN vendor_internal_prop(vendor_armnn_config_prop) - -# Gxp properties -system_vendor_config_prop(vendor_gxp_prop) diff --git a/legacy/vendor/property_contexts b/vendor/property_contexts similarity index 87% rename from legacy/vendor/property_contexts rename to vendor/property_contexts index c77827d..e837a5c 100644 --- a/legacy/vendor/property_contexts +++ b/vendor/property_contexts @@ -4,7 +4,6 @@ vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # Fingerprint -persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 @@ -24,6 +23,3 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # ArmNN configuration ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix - -# Gxp -vendor.gxp. u:object_r:vendor_gxp_prop:s0 diff --git a/legacy/vendor/ramdump_app.te b/vendor/ramdump_app.te similarity index 100% rename from legacy/vendor/ramdump_app.te rename to vendor/ramdump_app.te diff --git a/legacy/vendor/recovery.te b/vendor/recovery.te similarity index 100% rename from legacy/vendor/recovery.te rename to vendor/recovery.te diff --git a/legacy/vendor/rlsservice.te b/vendor/rlsservice.te similarity index 100% rename from legacy/vendor/rlsservice.te rename to vendor/rlsservice.te diff --git a/vendor/seapp_contexts b/vendor/seapp_contexts new file mode 100644 index 0000000..ed23ae5 --- /dev/null +++ b/vendor/seapp_contexts @@ -0,0 +1,15 @@ +# Domain for EuiccSupportPixel +user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all + +# coredump/ramdump +user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all + +# Domain for connectivity monitor +user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all + +# Qorvo UWB system app +# TODO(b/222204912): Should this run under uwb user? +user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all + +# CccDkTimeSyncService +user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all diff --git a/legacy/vendor/service.te b/vendor/service.te similarity index 100% rename from legacy/vendor/service.te rename to vendor/service.te diff --git a/legacy/vendor/service_contexts b/vendor/service_contexts similarity index 100% rename from legacy/vendor/service_contexts rename to vendor/service_contexts diff --git a/legacy/vendor/shell.te b/vendor/shell.te similarity index 100% rename from legacy/vendor/shell.te rename to vendor/shell.te diff --git a/legacy/vendor/surfaceflinger.te b/vendor/surfaceflinger.te similarity index 100% rename from legacy/vendor/surfaceflinger.te rename to vendor/surfaceflinger.te diff --git a/legacy/vendor/system_app.te b/vendor/system_app.te similarity index 100% rename from legacy/vendor/system_app.te rename to vendor/system_app.te diff --git a/legacy/vendor/system_server.te b/vendor/system_server.te similarity index 82% rename from legacy/vendor/system_server.te rename to vendor/system_server.te index de29de3..853e3cf 100644 --- a/legacy/vendor/system_server.te +++ b/vendor/system_server.te @@ -1,6 +1,5 @@ # Allow system server to send sensor data callbacks to GPS binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); -binder_call(system_server, con_monitor_app); allow system_server arm_mali_platform_service:service_manager find; diff --git a/legacy/vendor/systemui_app.te b/vendor/systemui_app.te similarity index 100% rename from legacy/vendor/systemui_app.te rename to vendor/systemui_app.te diff --git a/legacy/vendor/tcpdump_logger.te b/vendor/tcpdump_logger.te similarity index 100% rename from legacy/vendor/tcpdump_logger.te rename to vendor/tcpdump_logger.te diff --git a/legacy/vendor/tee.te b/vendor/tee.te similarity index 100% rename from legacy/vendor/tee.te rename to vendor/tee.te diff --git a/legacy/vendor/toolbox.te b/vendor/toolbox.te similarity index 100% rename from legacy/vendor/toolbox.te rename to vendor/toolbox.te diff --git a/legacy/vendor/trusty_apploader.te b/vendor/trusty_apploader.te similarity index 100% rename from legacy/vendor/trusty_apploader.te rename to vendor/trusty_apploader.te diff --git a/legacy/vendor/trusty_metricsd.te b/vendor/trusty_metricsd.te similarity index 100% rename from legacy/vendor/trusty_metricsd.te rename to vendor/trusty_metricsd.te diff --git a/legacy/vendor/twoshay.te b/vendor/twoshay.te similarity index 100% rename from legacy/vendor/twoshay.te rename to vendor/twoshay.te diff --git a/legacy/vendor/ufs_firmware_update.te b/vendor/ufs_firmware_update.te similarity index 100% rename from legacy/vendor/ufs_firmware_update.te rename to vendor/ufs_firmware_update.te diff --git a/legacy/vendor/update_engine.te b/vendor/update_engine.te similarity index 100% rename from legacy/vendor/update_engine.te rename to vendor/update_engine.te diff --git a/legacy/vendor/uwb_vendor_app.te b/vendor/uwb_vendor_app.te similarity index 100% rename from legacy/vendor/uwb_vendor_app.te rename to vendor/uwb_vendor_app.te diff --git a/legacy/vendor/vendor_init.te b/vendor/vendor_init.te similarity index 88% rename from legacy/vendor/vendor_init.te rename to vendor/vendor_init.te index 3abf696..373eeaf 100644 --- a/legacy/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -11,9 +11,6 @@ allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; -# Allow for checking NSP permissions -allow vendor_init tee_data_file:lnk_file read; - userdebug_or_eng(` allow vendor_init vendor_init:lockdown { integrity }; ') @@ -29,16 +26,12 @@ set_prop(vendor_init, vendor_secure_element_prop) # USB property set_prop(vendor_init, vendor_usb_config_prop) -set_prop(vendor_init, vendor_ssrdump_prop) - # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) +set_prop(vendor_init, vendor_ssrdump_prop) # ArmNN set_prop(vendor_init, vendor_armnn_config_prop) # MM allow vendor_init proc_watermark_scale_factor:file w_file_perms; - -# Gxp -set_prop(vendor_init, vendor_gxp_prop) diff --git a/legacy/vendor/vendor_uwb_init.te b/vendor/vendor_uwb_init.te similarity index 53% rename from legacy/vendor/vendor_uwb_init.te rename to vendor/vendor_uwb_init.te index 9008238..5216019 100644 --- a/legacy/vendor/vendor_uwb_init.te +++ b/vendor/vendor_uwb_init.te @@ -2,6 +2,3 @@ type vendor_uwb_init, domain; type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_uwb_init) - -allow vendor_uwb_init uwb_data_vendor:file create_file_perms; -allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms; diff --git a/legacy/vendor/vndservice.te b/vendor/vndservice.te similarity index 100% rename from legacy/vendor/vndservice.te rename to vendor/vndservice.te diff --git a/legacy/vendor/vndservice_contexts b/vendor/vndservice_contexts similarity index 100% rename from legacy/vendor/vndservice_contexts rename to vendor/vndservice_contexts diff --git a/legacy/vendor/wifi_sniffer.te b/vendor/wifi_sniffer.te similarity index 100% rename from legacy/vendor/wifi_sniffer.te rename to vendor/wifi_sniffer.te diff --git a/legacy/widevine/file.te b/widevine/file.te similarity index 100% rename from legacy/widevine/file.te rename to widevine/file.te diff --git a/legacy/widevine/file_contexts b/widevine/file_contexts similarity index 100% rename from legacy/widevine/file_contexts rename to widevine/file_contexts diff --git a/legacy/widevine/hal_drm_clearkey.te b/widevine/hal_drm_clearkey.te similarity index 100% rename from legacy/widevine/hal_drm_clearkey.te rename to widevine/hal_drm_clearkey.te diff --git a/legacy/widevine/hal_drm_widevine.te b/widevine/hal_drm_widevine.te similarity index 100% rename from legacy/widevine/hal_drm_widevine.te rename to widevine/hal_drm_widevine.te diff --git a/legacy/widevine/service_contexts b/widevine/service_contexts similarity index 100% rename from legacy/widevine/service_contexts rename to widevine/service_contexts diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index 66c4d34..f202935 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -17,15 +17,8 @@ SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/system_ext/pr BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats # To be reviewed and removed. -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/whitechapel_pro -PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/private -SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/public -SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/legacy/system_ext/private -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/vendor -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio -PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/radio/private -BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/tracking_denials -PRODUCT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/public +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private + From 9d124e7dddfdff9a11c4beff88170c84e32e6cf3 Mon Sep 17 00:00:00 2001 From: Zheng Pan Date: Tue, 22 Aug 2023 13:29:54 -0700 Subject: [PATCH 046/321] update selinux policy based on new i2c bus id Bug: 296941196 Test: Check logcat and make sure no permission deny Change-Id: Ib82ba45c600f940c0253b165fbe2f5676990231f --- vendor/genfs_contexts | 423 +++++------------------------------------- 1 file changed, 51 insertions(+), 372 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e5e1b33..4091c93 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -31,15 +31,7 @@ genfscon debugfs /maxfg u:object genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 # Extcon -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 # Storage genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 @@ -90,51 +82,29 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/p genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 # Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 # Power Stats -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 @@ -157,336 +127,45 @@ genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003c/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/0-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/1-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/6-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-7/7-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0065/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-0/0-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-1/1-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-2/2-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-3/3-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-4/4-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-7/7-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-8/8-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-9/9-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-5/5-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 # wake up nodes -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-0/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-0/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-1/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-1/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-2/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-2/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-3/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-3/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-4/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-4/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-5/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-5/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-6/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-6/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-7/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-7/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c80000.hsi2c/i2c-8/6-0008/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003c/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-8/7-003b/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/tcpm-source-psy-8-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0025/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0036/power_supply/maxfg/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/pca94xx-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-0/0-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-1/1-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-2/2-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-3/3-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-4/4-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-5/5-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-6/6-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-7/7-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-8/8-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/1-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/0-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-0/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-0/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-1/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-1/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-2/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-2/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-3/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-3/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-4/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-4/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-5/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-5/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-6/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-6/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-7/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-meter/s2mpg14-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/s2mpg14-rtc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-8/0-001f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/s2mpg15-meter/s2mpg15-odpm/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/1-002f/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 From 8d86f12d0e09ce84ceacbb76dfecd4ecfa652ab2 Mon Sep 17 00:00:00 2001 From: Alec Foster Date: Fri, 25 Aug 2023 19:03:43 +0000 Subject: [PATCH 047/321] Add selinux policy for QFP UDFPS. Bug: 295228935 Test: adb logcat -b events -e avc -d Test: Fingerprint sensor works. Change-Id: I22a92d6acdc8b4211bf84f33ab9d7c524f078ebc --- vendor/file.te | 2 ++ vendor/file_contexts | 12 +++++++----- vendor/genfs_contexts | 1 + vendor/hal_fingerprint_default.te | 20 ++++++++++++++++++++ vendor/hwservice_contexts | 2 +- vendor/property_contexts | 1 + 6 files changed, 32 insertions(+), 6 deletions(-) diff --git a/vendor/file.te b/vendor/file.te index b97b93d..4c01d25 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -3,6 +3,7 @@ type persist_display_file, file_type, vendor_persist_type; type persist_battery_file, file_type, vendor_persist_type; type persist_camera_file, file_type, vendor_persist_type; type persist_sensor_reg_file, file_type, vendor_persist_type; +type persist_fingerprint_file, file_type, vendor_persist_type; #sysfs type sysfs_power_dump, sysfs_type, fs_type; @@ -36,6 +37,7 @@ type vendor_bt_data_file, file_type, data_file_type; # Data type sensor_reg_data_file, file_type, data_file_type; type chre_data_file, file_type, data_file_type; +type vendor_fingerprint_data_file, file_type, data_file_type; # Vendor sched files userdebug_or_eng(` diff --git a/vendor/file_contexts b/vendor/file_contexts index 1b60fe3..8e8fb4a 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -3,9 +3,7 @@ /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 @@ -25,9 +23,10 @@ /vendor/bin/chre u:object_r:chre_exec:s0 /vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 @@ -41,12 +40,14 @@ # Vendor /data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 /data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 +/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0 # persist /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 /mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 /mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 +/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_fingerprint_file:s0 # Devices /dev/bbd_pwrstat u:object_r:power_stats_device:s0 @@ -89,7 +90,6 @@ /dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 /dev/gxp u:object_r:gxp_device:s0 /dev/mali0 u:object_r:gpu_device:s0 -/dev/goodix_fp u:object_r:fingerprint_device:s0 /dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 /dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 @@ -210,3 +210,5 @@ /dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 /dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/uci u:object_r:uci_device:s0 +/dev/qbt_ipc u:object_r:fingerprint_device:s0 +/dev/qbt_fd u:object_r:fingerprint_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e5e1b33..5e3243e 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -496,6 +496,7 @@ genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 # Trusty genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 diff --git a/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te index 6aa57dd..c60c609 100644 --- a/vendor/hal_fingerprint_default.te +++ b/vendor/hal_fingerprint_default.te @@ -37,3 +37,23 @@ hal_client_domain(hal_fingerprint_default, hal_thermal); # allow fingerprint to read sysfs_leds allow hal_fingerprint_default sysfs_leds:file r_file_perms; allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; + +# allow fingerprint to wakeup to trigger calibration scans and sleep after +allow hal_fingerprint_default self:capability2 wake_alarm; +allow hal_fingerprint_default self:capability2 block_suspend; + +# allow fingerprint to search for files +# TODO: b/297562630 - remove unecessary permissions once not needed +allow hal_fingerprint_default mnt_vendor_file:dir search; +allow hal_fingerprint_default vendor_misc_data_file:dir search; +allow hal_fingerprint_default persist_file:dir search; + +# allow fingerprint to rw config and calibration files in persist +# TODO: b/297562630 - remove unecessary permissions once not needed +allow hal_fingerprint_default persist_fingerprint_file:dir search; +allow hal_fingerprint_default persist_fingerprint_file:file create_file_perms; + +# allow fingerprint to rw data files +# TODO: b/297562630 - remove unecessary permissions once not needed +allow hal_fingerprint_default vendor_fingerprint_data_file:dir create_dir_perms; +allow hal_fingerprint_default vendor_fingerprint_data_file:file create_file_perms; diff --git a/vendor/hwservice_contexts b/vendor/hwservice_contexts index 9f86e04..dd24a5f 100644 --- a/vendor/hwservice_contexts +++ b/vendor/hwservice_contexts @@ -1,2 +1,2 @@ # Fingerprint -vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0 +vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:hal_fingerprint_ext_hwservice:s0 diff --git a/vendor/property_contexts b/vendor/property_contexts index e837a5c..f456434 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -6,6 +6,7 @@ vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # Fingerprint vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 +persist.vendor.qfp. u:object_r:vendor_fingerprint_prop:s0 # Battery vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 From a2e02afde84822d350c03b14b77789787f8c93d9 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki Date: Mon, 28 Aug 2023 19:12:46 +0000 Subject: [PATCH 048/321] adding zumapro BMS sepolicy entries Bug: 296941196 Test: build/flash/adb bugreport Change-Id: I97185198f0147c5e7bd836b3e1b7e23284c6fe9b Signed-off-by: Daniel Okazaki --- vendor/genfs_contexts | 44 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 36 insertions(+), 8 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 4091c93..e565eb6 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -127,22 +127,37 @@ genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 # wake up nodes genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 @@ -150,6 +165,19 @@ genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 + genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 From 3e84a7d11f4f233b3b8df2948a7fb48845d6f710 Mon Sep 17 00:00:00 2001 From: Luis Delgado de Mendoza Date: Tue, 29 Aug 2023 16:06:34 -0700 Subject: [PATCH 049/321] Add sepolicy for chre.wakeup/non-wakeup channels. Somehow this didn't transfer from previous platforms and needs to be added. Bug: 296209514 Test: presubmits Change-Id: I9ccaa515e1be3f882868400d25c2617dd4db61b6 --- vendor/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8688c31..35d0f9d 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -185,6 +185,8 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 From eac7ac91c3bf269d23001e5e8fb29c88b71371ab Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 1 Sep 2023 15:40:11 +0800 Subject: [PATCH 050/321] Remove legacy tracking_denials Bug: 296187211 Change-Id: I5c400c5ed8daf18b5d9176ab0ffd5d4a5323689a --- tracking_denials/con_monitor_app.te | 36 ------------------- tracking_denials/dumpstate.te | 2 -- tracking_denials/fastbootd.te | 4 --- tracking_denials/hal_sensors_default.te | 3 -- tracking_denials/hal_usb_impl.te | 2 -- tracking_denials/incidentd.te | 3 -- tracking_denials/kernel.te | 7 ---- tracking_denials/permissive.te | 4 +++ .../rebalance_interrupts_vendor.te | 2 -- tracking_denials/ssr_detector_app.te | 6 ---- tracking_denials/systemui_app.te | 6 ---- tracking_denials/update_engine.te | 2 -- tracking_denials/vendor_init.te | 3 -- 13 files changed, 4 insertions(+), 76 deletions(-) delete mode 100644 tracking_denials/con_monitor_app.te delete mode 100644 tracking_denials/dumpstate.te delete mode 100644 tracking_denials/fastbootd.te delete mode 100644 tracking_denials/hal_sensors_default.te delete mode 100644 tracking_denials/hal_usb_impl.te delete mode 100644 tracking_denials/incidentd.te delete mode 100644 tracking_denials/kernel.te delete mode 100644 tracking_denials/rebalance_interrupts_vendor.te delete mode 100644 tracking_denials/ssr_detector_app.te delete mode 100644 tracking_denials/systemui_app.te delete mode 100644 tracking_denials/update_engine.te delete mode 100644 tracking_denials/vendor_init.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te deleted file mode 100644 index 3baf986..0000000 --- a/tracking_denials/con_monitor_app.te +++ /dev/null @@ -1,36 +0,0 @@ -# b/261518779 -dontaudit con_monitor_app activity_service:service_manager { find }; -dontaudit con_monitor_app content_capture_service:service_manager { find }; -dontaudit con_monitor_app game_service:service_manager { find }; -dontaudit con_monitor_app netstats_service:service_manager { find }; -dontaudit con_monitor_app system_server:binder { call }; -dontaudit con_monitor_app system_server:binder { transfer }; -dontaudit con_monitor_app system_server:fd { use }; -# b/261783158 -dontaudit con_monitor_app system_file:file { getattr }; -dontaudit con_monitor_app system_file:file { map }; -dontaudit con_monitor_app system_file:file { open }; -dontaudit con_monitor_app system_file:file { read }; -dontaudit con_monitor_app tmpfs:file { execute }; -dontaudit con_monitor_app tmpfs:file { map }; -dontaudit con_monitor_app tmpfs:file { read }; -dontaudit con_monitor_app tmpfs:file { write }; -# b/261933171 -dontaudit con_monitor_app dumpstate:fd { use }; -dontaudit con_monitor_app dumpstate:fifo_file { append }; -dontaudit con_monitor_app dumpstate:fifo_file { write }; -dontaudit con_monitor_app system_server:fifo_file { write }; -dontaudit con_monitor_app tombstoned:unix_stream_socket { connectto }; -dontaudit con_monitor_app tombstoned_java_trace_socket:sock_file { write }; -# b/262455571 -dontaudit con_monitor_app data_file_type:dir { search }; -dontaudit con_monitor_app servicemanager:binder { call }; -dontaudit con_monitor_app statsd:unix_dgram_socket { sendto }; -dontaudit con_monitor_app statsdw_socket:sock_file { write }; -dontaudit con_monitor_app system_file:file { execute }; -# b/264489520 -userdebug_or_eng(` - permissive con_monitor_app; -') -# b/267843291 -dontaudit con_monitor_app resourcecache_data_file:file { read }; diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te deleted file mode 100644 index 3313642..0000000 --- a/tracking_denials/dumpstate.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/277155496 -dontaudit dumpstate default_android_service:service_manager { find }; diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te deleted file mode 100644 index 4428b68..0000000 --- a/tracking_denials/fastbootd.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/264489957 -userdebug_or_eng(` - permissive fastbootd; -') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te deleted file mode 100644 index 601c2bb..0000000 --- a/tracking_denials/hal_sensors_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/267260619 -dontaudit hal_sensors_default dumpstate:fd { use }; -dontaudit hal_sensors_default dumpstate:fifo_file { write }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te deleted file mode 100644 index 08db477..0000000 --- a/tracking_denials/hal_usb_impl.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/267261163 -dontaudit hal_usb_impl dumpstate:fd { use }; diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te deleted file mode 100644 index 4bd4489..0000000 --- a/tracking_denials/incidentd.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/261933310 -dontaudit incidentd debugfs_wakeup_sources:file { open }; -dontaudit incidentd debugfs_wakeup_sources:file { read }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te deleted file mode 100644 index 23d091b..0000000 --- a/tracking_denials/kernel.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/262794429 -dontaudit kernel sepolicy_file:file { getattr }; -dontaudit kernel system_bootstrap_lib_file:dir { getattr }; -dontaudit kernel system_bootstrap_lib_file:file { getattr }; -dontaudit kernel system_dlkm_file:dir { getattr }; -# b/263185161 -dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te index 34a6823..9fe4973 100644 --- a/tracking_denials/permissive.te +++ b/tracking_denials/permissive.te @@ -14,4 +14,8 @@ userdebug_or_eng(` permissive kernel; permissive hal_power_default; permissive servicemanager; + permissive con_monitor_app; + permissive systemui_app; + permissive ssr_detector_app; + permissive fastbootd; ') diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te deleted file mode 100644 index f38b36f..0000000 --- a/tracking_denials/rebalance_interrupts_vendor.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/260366278 -dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override }; diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te deleted file mode 100644 index d1c8b73..0000000 --- a/tracking_denials/ssr_detector_app.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/261651131 -dontaudit ssr_detector_app system_app_data_file:file { open }; -# b/264489567 -userdebug_or_eng(` - permissive ssr_detector_app; -') \ No newline at end of file diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te deleted file mode 100644 index e4416d8..0000000 --- a/tracking_denials/systemui_app.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/272628396 -#dontaudit systemui_app service_manager_type:service_manager find; -# b/294300348 -userdebug_or_eng(` - permissive systemui_app; -') diff --git a/tracking_denials/update_engine.te b/tracking_denials/update_engine.te deleted file mode 100644 index 0de59ee..0000000 --- a/tracking_denials/update_engine.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/267261048 -dontaudit update_engine dumpstate:fd { use }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te deleted file mode 100644 index abfba26..0000000 --- a/tracking_denials/vendor_init.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/260366195 -dontaudit vendor_init debugfs_trace_marker:file { getattr }; -dontaudit vendor_init vendor_init:capability2 { block_suspend }; From 863d41f6c6a20c8621bce5ae2a158f9b8c38af1b Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 1 Sep 2023 15:59:33 +0800 Subject: [PATCH 051/321] Move vendor to legacy/zuma/vendor Bug: 296187211 Change-Id: I28450565c4ee585060387ad988e7efbb1620eaee --- {vendor => legacy/zuma/vendor}/audioserver.te | 0 {vendor => legacy/zuma/vendor}/bootanim.te | 0 .../zuma/vendor}/cccdk_timesync_app.te | 0 .../zuma/vendor}/certs/app.x509.pem | 0 .../zuma/vendor}/certs/camera_eng.x509.pem | 0 .../vendor}/certs/camera_fishfood.x509.pem | 0 ...ogle_android_apps_camera_services.x509.pem | 0 .../zuma/vendor}/charger_vendor.te | 0 {vendor => legacy/zuma/vendor}/chre.te | 0 .../zuma/vendor}/con_monitor_app.te | 0 .../zuma/vendor}/debug_camera_app.te | 0 {vendor => legacy/zuma/vendor}/device.te | 0 {vendor => legacy/zuma/vendor}/domain.te | 0 {vendor => legacy/zuma/vendor}/dump_gsa.te | 0 {vendor => legacy/zuma/vendor}/dump_power.te | 0 {vendor => legacy/zuma/vendor}/dump_wlan.te | 0 {vendor => legacy/zuma/vendor}/dumpstate.te | 0 {vendor => legacy/zuma/vendor}/e2fs.te | 0 .../zuma/vendor}/euiccpixel_app.te | 0 legacy/zuma/vendor/file.te | 56 ++++ legacy/zuma/vendor/file_contexts | 212 +++++++++++++++ {vendor => legacy/zuma/vendor}/fsck.te | 0 legacy/zuma/vendor/genfs_contexts | 252 ++++++++++++++++++ .../zuma/vendor}/google_camera_app.te | 0 .../zuma/vendor}/hal_bluetooth_btlinux.te | 0 .../zuma/vendor}/hal_bootctl_default.te | 0 .../zuma/vendor}/hal_camera_default.te | 0 .../zuma/vendor}/hal_contexthub_default.te | 0 .../zuma/vendor}/hal_fingerprint_default.te | 0 .../vendor}/hal_graphics_allocator_default.te | 0 .../vendor}/hal_graphics_composer_default.te | 0 .../zuma/vendor}/hal_health_default.te | 0 .../zuma/vendor}/hal_memtrack_default.te | 0 .../zuma/vendor}/hal_nfc_default.te | 0 .../zuma/vendor}/hal_power_default.te | 0 .../zuma/vendor}/hal_power_stats_default.te | 0 .../zuma/vendor}/hal_radioext_default.te | 0 .../hal_secure_element_st54spi_aidl.te | 0 .../zuma/vendor}/hal_secure_element_uicc.te | 0 .../zuma/vendor}/hal_sensors_default.te | 0 .../zuma/vendor}/hal_thermal_default.te | 0 .../zuma/vendor}/hal_usb_gadget_impl.te | 0 .../zuma/vendor}/hal_usb_impl.te | 0 .../zuma/vendor}/hal_uwb_vendor_default.te | 0 .../zuma/vendor}/hal_wifi_ext.te | 0 .../zuma/vendor}/hal_wireless_charger.te | 0 {vendor => legacy/zuma/vendor}/hwservice.te | 0 .../zuma/vendor}/hwservice_contexts | 0 {vendor => legacy/zuma/vendor}/init.te | 0 {vendor => legacy/zuma/vendor}/insmod-sh.te | 0 {vendor => legacy/zuma/vendor}/installd.te | 0 {vendor => legacy/zuma/vendor}/kernel.te | 0 legacy/zuma/vendor/keys.conf | 11 + {vendor => legacy/zuma/vendor}/logd.te | 0 .../zuma/vendor}/mac_permissions.xml | 0 .../zuma/vendor}/mediacodec_google.te | 0 .../zuma/vendor}/pixeldisplayservice_app.te | 0 .../zuma/vendor}/pixelstats_vendor.te | 0 .../zuma/vendor}/platform_app.te | 0 {vendor => legacy/zuma/vendor}/property.te | 0 .../zuma/vendor}/property_contexts | 0 {vendor => legacy/zuma/vendor}/ramdump_app.te | 0 {vendor => legacy/zuma/vendor}/recovery.te | 0 {vendor => legacy/zuma/vendor}/rlsservice.te | 0 {vendor => legacy/zuma/vendor}/seapp_contexts | 0 legacy/zuma/vendor/service.te | 6 + .../zuma/vendor}/service_contexts | 0 {vendor => legacy/zuma/vendor}/shell.te | 0 .../zuma/vendor}/surfaceflinger.te | 0 {vendor => legacy/zuma/vendor}/system_app.te | 0 .../zuma/vendor}/system_server.te | 0 .../zuma/vendor}/systemui_app.te | 0 .../zuma/vendor}/tcpdump_logger.te | 0 {vendor => legacy/zuma/vendor}/tee.te | 0 {vendor => legacy/zuma/vendor}/toolbox.te | 0 .../zuma/vendor}/trusty_apploader.te | 0 .../zuma/vendor}/trusty_metricsd.te | 0 {vendor => legacy/zuma/vendor}/twoshay.te | 0 .../zuma/vendor}/ufs_firmware_update.te | 0 .../zuma/vendor}/update_engine.te | 0 .../zuma/vendor}/uwb_vendor_app.te | 0 {vendor => legacy/zuma/vendor}/vendor_init.te | 0 .../zuma/vendor}/vendor_uwb_init.te | 0 {vendor => legacy/zuma/vendor}/vndservice.te | 0 .../zuma/vendor}/vndservice_contexts | 0 .../zuma/vendor}/wifi_sniffer.te | 0 vendor/file.te | 55 ---- vendor/file_contexts | 211 --------------- vendor/genfs_contexts | 251 ----------------- vendor/keys.conf | 11 - vendor/service.te | 5 - zumapro-sepolicy.mk | 1 + 92 files changed, 538 insertions(+), 533 deletions(-) rename {vendor => legacy/zuma/vendor}/audioserver.te (100%) rename {vendor => legacy/zuma/vendor}/bootanim.te (100%) rename {vendor => legacy/zuma/vendor}/cccdk_timesync_app.te (100%) rename {vendor => legacy/zuma/vendor}/certs/app.x509.pem (100%) rename {vendor => legacy/zuma/vendor}/certs/camera_eng.x509.pem (100%) rename {vendor => legacy/zuma/vendor}/certs/camera_fishfood.x509.pem (100%) rename {vendor => legacy/zuma/vendor}/certs/com_google_android_apps_camera_services.x509.pem (100%) rename {vendor => legacy/zuma/vendor}/charger_vendor.te (100%) rename {vendor => legacy/zuma/vendor}/chre.te (100%) rename {vendor => legacy/zuma/vendor}/con_monitor_app.te (100%) rename {vendor => legacy/zuma/vendor}/debug_camera_app.te (100%) rename {vendor => legacy/zuma/vendor}/device.te (100%) rename {vendor => legacy/zuma/vendor}/domain.te (100%) rename {vendor => legacy/zuma/vendor}/dump_gsa.te (100%) rename {vendor => legacy/zuma/vendor}/dump_power.te (100%) rename {vendor => legacy/zuma/vendor}/dump_wlan.te (100%) rename {vendor => legacy/zuma/vendor}/dumpstate.te (100%) rename {vendor => legacy/zuma/vendor}/e2fs.te (100%) rename {vendor => legacy/zuma/vendor}/euiccpixel_app.te (100%) create mode 100644 legacy/zuma/vendor/file.te create mode 100644 legacy/zuma/vendor/file_contexts rename {vendor => legacy/zuma/vendor}/fsck.te (100%) create mode 100644 legacy/zuma/vendor/genfs_contexts rename {vendor => legacy/zuma/vendor}/google_camera_app.te (100%) rename {vendor => legacy/zuma/vendor}/hal_bluetooth_btlinux.te (100%) rename {vendor => legacy/zuma/vendor}/hal_bootctl_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_camera_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_contexthub_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_fingerprint_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_graphics_allocator_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_graphics_composer_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_health_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_memtrack_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_nfc_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_power_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_power_stats_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_radioext_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_secure_element_st54spi_aidl.te (100%) rename {vendor => legacy/zuma/vendor}/hal_secure_element_uicc.te (100%) rename {vendor => legacy/zuma/vendor}/hal_sensors_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_thermal_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_usb_gadget_impl.te (100%) rename {vendor => legacy/zuma/vendor}/hal_usb_impl.te (100%) rename {vendor => legacy/zuma/vendor}/hal_uwb_vendor_default.te (100%) rename {vendor => legacy/zuma/vendor}/hal_wifi_ext.te (100%) rename {vendor => legacy/zuma/vendor}/hal_wireless_charger.te (100%) rename {vendor => legacy/zuma/vendor}/hwservice.te (100%) rename {vendor => legacy/zuma/vendor}/hwservice_contexts (100%) rename {vendor => legacy/zuma/vendor}/init.te (100%) rename {vendor => legacy/zuma/vendor}/insmod-sh.te (100%) rename {vendor => legacy/zuma/vendor}/installd.te (100%) rename {vendor => legacy/zuma/vendor}/kernel.te (100%) create mode 100644 legacy/zuma/vendor/keys.conf rename {vendor => legacy/zuma/vendor}/logd.te (100%) rename {vendor => legacy/zuma/vendor}/mac_permissions.xml (100%) rename {vendor => legacy/zuma/vendor}/mediacodec_google.te (100%) rename {vendor => legacy/zuma/vendor}/pixeldisplayservice_app.te (100%) rename {vendor => legacy/zuma/vendor}/pixelstats_vendor.te (100%) rename {vendor => legacy/zuma/vendor}/platform_app.te (100%) rename {vendor => legacy/zuma/vendor}/property.te (100%) rename {vendor => legacy/zuma/vendor}/property_contexts (100%) rename {vendor => legacy/zuma/vendor}/ramdump_app.te (100%) rename {vendor => legacy/zuma/vendor}/recovery.te (100%) rename {vendor => legacy/zuma/vendor}/rlsservice.te (100%) rename {vendor => legacy/zuma/vendor}/seapp_contexts (100%) create mode 100644 legacy/zuma/vendor/service.te rename {vendor => legacy/zuma/vendor}/service_contexts (100%) rename {vendor => legacy/zuma/vendor}/shell.te (100%) rename {vendor => legacy/zuma/vendor}/surfaceflinger.te (100%) rename {vendor => legacy/zuma/vendor}/system_app.te (100%) rename {vendor => legacy/zuma/vendor}/system_server.te (100%) rename {vendor => legacy/zuma/vendor}/systemui_app.te (100%) rename {vendor => legacy/zuma/vendor}/tcpdump_logger.te (100%) rename {vendor => legacy/zuma/vendor}/tee.te (100%) rename {vendor => legacy/zuma/vendor}/toolbox.te (100%) rename {vendor => legacy/zuma/vendor}/trusty_apploader.te (100%) rename {vendor => legacy/zuma/vendor}/trusty_metricsd.te (100%) rename {vendor => legacy/zuma/vendor}/twoshay.te (100%) rename {vendor => legacy/zuma/vendor}/ufs_firmware_update.te (100%) rename {vendor => legacy/zuma/vendor}/update_engine.te (100%) rename {vendor => legacy/zuma/vendor}/uwb_vendor_app.te (100%) rename {vendor => legacy/zuma/vendor}/vendor_init.te (100%) rename {vendor => legacy/zuma/vendor}/vendor_uwb_init.te (100%) rename {vendor => legacy/zuma/vendor}/vndservice.te (100%) rename {vendor => legacy/zuma/vendor}/vndservice_contexts (100%) rename {vendor => legacy/zuma/vendor}/wifi_sniffer.te (100%) delete mode 100644 vendor/keys.conf diff --git a/vendor/audioserver.te b/legacy/zuma/vendor/audioserver.te similarity index 100% rename from vendor/audioserver.te rename to legacy/zuma/vendor/audioserver.te diff --git a/vendor/bootanim.te b/legacy/zuma/vendor/bootanim.te similarity index 100% rename from vendor/bootanim.te rename to legacy/zuma/vendor/bootanim.te diff --git a/vendor/cccdk_timesync_app.te b/legacy/zuma/vendor/cccdk_timesync_app.te similarity index 100% rename from vendor/cccdk_timesync_app.te rename to legacy/zuma/vendor/cccdk_timesync_app.te diff --git a/vendor/certs/app.x509.pem b/legacy/zuma/vendor/certs/app.x509.pem similarity index 100% rename from vendor/certs/app.x509.pem rename to legacy/zuma/vendor/certs/app.x509.pem diff --git a/vendor/certs/camera_eng.x509.pem b/legacy/zuma/vendor/certs/camera_eng.x509.pem similarity index 100% rename from vendor/certs/camera_eng.x509.pem rename to legacy/zuma/vendor/certs/camera_eng.x509.pem diff --git a/vendor/certs/camera_fishfood.x509.pem b/legacy/zuma/vendor/certs/camera_fishfood.x509.pem similarity index 100% rename from vendor/certs/camera_fishfood.x509.pem rename to legacy/zuma/vendor/certs/camera_fishfood.x509.pem diff --git a/vendor/certs/com_google_android_apps_camera_services.x509.pem b/legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem similarity index 100% rename from vendor/certs/com_google_android_apps_camera_services.x509.pem rename to legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/charger_vendor.te b/legacy/zuma/vendor/charger_vendor.te similarity index 100% rename from vendor/charger_vendor.te rename to legacy/zuma/vendor/charger_vendor.te diff --git a/vendor/chre.te b/legacy/zuma/vendor/chre.te similarity index 100% rename from vendor/chre.te rename to legacy/zuma/vendor/chre.te diff --git a/vendor/con_monitor_app.te b/legacy/zuma/vendor/con_monitor_app.te similarity index 100% rename from vendor/con_monitor_app.te rename to legacy/zuma/vendor/con_monitor_app.te diff --git a/vendor/debug_camera_app.te b/legacy/zuma/vendor/debug_camera_app.te similarity index 100% rename from vendor/debug_camera_app.te rename to legacy/zuma/vendor/debug_camera_app.te diff --git a/vendor/device.te b/legacy/zuma/vendor/device.te similarity index 100% rename from vendor/device.te rename to legacy/zuma/vendor/device.te diff --git a/vendor/domain.te b/legacy/zuma/vendor/domain.te similarity index 100% rename from vendor/domain.te rename to legacy/zuma/vendor/domain.te diff --git a/vendor/dump_gsa.te b/legacy/zuma/vendor/dump_gsa.te similarity index 100% rename from vendor/dump_gsa.te rename to legacy/zuma/vendor/dump_gsa.te diff --git a/vendor/dump_power.te b/legacy/zuma/vendor/dump_power.te similarity index 100% rename from vendor/dump_power.te rename to legacy/zuma/vendor/dump_power.te diff --git a/vendor/dump_wlan.te b/legacy/zuma/vendor/dump_wlan.te similarity index 100% rename from vendor/dump_wlan.te rename to legacy/zuma/vendor/dump_wlan.te diff --git a/vendor/dumpstate.te b/legacy/zuma/vendor/dumpstate.te similarity index 100% rename from vendor/dumpstate.te rename to legacy/zuma/vendor/dumpstate.te diff --git a/vendor/e2fs.te b/legacy/zuma/vendor/e2fs.te similarity index 100% rename from vendor/e2fs.te rename to legacy/zuma/vendor/e2fs.te diff --git a/vendor/euiccpixel_app.te b/legacy/zuma/vendor/euiccpixel_app.te similarity index 100% rename from vendor/euiccpixel_app.te rename to legacy/zuma/vendor/euiccpixel_app.te diff --git a/legacy/zuma/vendor/file.te b/legacy/zuma/vendor/file.te new file mode 100644 index 0000000..4c01d25 --- /dev/null +++ b/legacy/zuma/vendor/file.te @@ -0,0 +1,56 @@ +# persist +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_sensor_reg_file, file_type, vendor_persist_type; +type persist_fingerprint_file, file_type, vendor_persist_type; + +#sysfs +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; +allow bootdevice_sysdev sysfs:filesystem associate; + +# debugfs +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; + +# Data +type sensor_reg_data_file, file_type, data_file_type; +type chre_data_file, file_type, data_file_type; +type vendor_fingerprint_data_file, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# sysfs +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; + +# Faceauth +type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts new file mode 100644 index 0000000..cb68953 --- /dev/null +++ b/legacy/zuma/vendor/file_contexts @@ -0,0 +1,212 @@ +# Binaries +/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 + +# Vendor Firmwares +/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 +/vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 + +# Vendor libraries + +# Vendor +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 +/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0 + +# persist +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 +/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_fingerprint_file:s0 + +# Devices +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-svarog u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-sensor-svarog u:object_r:lwis_device:s0 +/dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. +# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 +/dev/qbt_ipc u:object_r:fingerprint_device:s0 +/dev/qbt_fd u:object_r:fingerprint_device:s0 diff --git a/vendor/fsck.te b/legacy/zuma/vendor/fsck.te similarity index 100% rename from vendor/fsck.te rename to legacy/zuma/vendor/fsck.te diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts new file mode 100644 index 0000000..35d0f9d --- /dev/null +++ b/legacy/zuma/vendor/genfs_contexts @@ -0,0 +1,252 @@ +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# Fabric +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + +# debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 + +# Extcon +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + +# Battery +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 + +# Faceauth +genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/google_camera_app.te b/legacy/zuma/vendor/google_camera_app.te similarity index 100% rename from vendor/google_camera_app.te rename to legacy/zuma/vendor/google_camera_app.te diff --git a/vendor/hal_bluetooth_btlinux.te b/legacy/zuma/vendor/hal_bluetooth_btlinux.te similarity index 100% rename from vendor/hal_bluetooth_btlinux.te rename to legacy/zuma/vendor/hal_bluetooth_btlinux.te diff --git a/vendor/hal_bootctl_default.te b/legacy/zuma/vendor/hal_bootctl_default.te similarity index 100% rename from vendor/hal_bootctl_default.te rename to legacy/zuma/vendor/hal_bootctl_default.te diff --git a/vendor/hal_camera_default.te b/legacy/zuma/vendor/hal_camera_default.te similarity index 100% rename from vendor/hal_camera_default.te rename to legacy/zuma/vendor/hal_camera_default.te diff --git a/vendor/hal_contexthub_default.te b/legacy/zuma/vendor/hal_contexthub_default.te similarity index 100% rename from vendor/hal_contexthub_default.te rename to legacy/zuma/vendor/hal_contexthub_default.te diff --git a/vendor/hal_fingerprint_default.te b/legacy/zuma/vendor/hal_fingerprint_default.te similarity index 100% rename from vendor/hal_fingerprint_default.te rename to legacy/zuma/vendor/hal_fingerprint_default.te diff --git a/vendor/hal_graphics_allocator_default.te b/legacy/zuma/vendor/hal_graphics_allocator_default.te similarity index 100% rename from vendor/hal_graphics_allocator_default.te rename to legacy/zuma/vendor/hal_graphics_allocator_default.te diff --git a/vendor/hal_graphics_composer_default.te b/legacy/zuma/vendor/hal_graphics_composer_default.te similarity index 100% rename from vendor/hal_graphics_composer_default.te rename to legacy/zuma/vendor/hal_graphics_composer_default.te diff --git a/vendor/hal_health_default.te b/legacy/zuma/vendor/hal_health_default.te similarity index 100% rename from vendor/hal_health_default.te rename to legacy/zuma/vendor/hal_health_default.te diff --git a/vendor/hal_memtrack_default.te b/legacy/zuma/vendor/hal_memtrack_default.te similarity index 100% rename from vendor/hal_memtrack_default.te rename to legacy/zuma/vendor/hal_memtrack_default.te diff --git a/vendor/hal_nfc_default.te b/legacy/zuma/vendor/hal_nfc_default.te similarity index 100% rename from vendor/hal_nfc_default.te rename to legacy/zuma/vendor/hal_nfc_default.te diff --git a/vendor/hal_power_default.te b/legacy/zuma/vendor/hal_power_default.te similarity index 100% rename from vendor/hal_power_default.te rename to legacy/zuma/vendor/hal_power_default.te diff --git a/vendor/hal_power_stats_default.te b/legacy/zuma/vendor/hal_power_stats_default.te similarity index 100% rename from vendor/hal_power_stats_default.te rename to legacy/zuma/vendor/hal_power_stats_default.te diff --git a/vendor/hal_radioext_default.te b/legacy/zuma/vendor/hal_radioext_default.te similarity index 100% rename from vendor/hal_radioext_default.te rename to legacy/zuma/vendor/hal_radioext_default.te diff --git a/vendor/hal_secure_element_st54spi_aidl.te b/legacy/zuma/vendor/hal_secure_element_st54spi_aidl.te similarity index 100% rename from vendor/hal_secure_element_st54spi_aidl.te rename to legacy/zuma/vendor/hal_secure_element_st54spi_aidl.te diff --git a/vendor/hal_secure_element_uicc.te b/legacy/zuma/vendor/hal_secure_element_uicc.te similarity index 100% rename from vendor/hal_secure_element_uicc.te rename to legacy/zuma/vendor/hal_secure_element_uicc.te diff --git a/vendor/hal_sensors_default.te b/legacy/zuma/vendor/hal_sensors_default.te similarity index 100% rename from vendor/hal_sensors_default.te rename to legacy/zuma/vendor/hal_sensors_default.te diff --git a/vendor/hal_thermal_default.te b/legacy/zuma/vendor/hal_thermal_default.te similarity index 100% rename from vendor/hal_thermal_default.te rename to legacy/zuma/vendor/hal_thermal_default.te diff --git a/vendor/hal_usb_gadget_impl.te b/legacy/zuma/vendor/hal_usb_gadget_impl.te similarity index 100% rename from vendor/hal_usb_gadget_impl.te rename to legacy/zuma/vendor/hal_usb_gadget_impl.te diff --git a/vendor/hal_usb_impl.te b/legacy/zuma/vendor/hal_usb_impl.te similarity index 100% rename from vendor/hal_usb_impl.te rename to legacy/zuma/vendor/hal_usb_impl.te diff --git a/vendor/hal_uwb_vendor_default.te b/legacy/zuma/vendor/hal_uwb_vendor_default.te similarity index 100% rename from vendor/hal_uwb_vendor_default.te rename to legacy/zuma/vendor/hal_uwb_vendor_default.te diff --git a/vendor/hal_wifi_ext.te b/legacy/zuma/vendor/hal_wifi_ext.te similarity index 100% rename from vendor/hal_wifi_ext.te rename to legacy/zuma/vendor/hal_wifi_ext.te diff --git a/vendor/hal_wireless_charger.te b/legacy/zuma/vendor/hal_wireless_charger.te similarity index 100% rename from vendor/hal_wireless_charger.te rename to legacy/zuma/vendor/hal_wireless_charger.te diff --git a/vendor/hwservice.te b/legacy/zuma/vendor/hwservice.te similarity index 100% rename from vendor/hwservice.te rename to legacy/zuma/vendor/hwservice.te diff --git a/vendor/hwservice_contexts b/legacy/zuma/vendor/hwservice_contexts similarity index 100% rename from vendor/hwservice_contexts rename to legacy/zuma/vendor/hwservice_contexts diff --git a/vendor/init.te b/legacy/zuma/vendor/init.te similarity index 100% rename from vendor/init.te rename to legacy/zuma/vendor/init.te diff --git a/vendor/insmod-sh.te b/legacy/zuma/vendor/insmod-sh.te similarity index 100% rename from vendor/insmod-sh.te rename to legacy/zuma/vendor/insmod-sh.te diff --git a/vendor/installd.te b/legacy/zuma/vendor/installd.te similarity index 100% rename from vendor/installd.te rename to legacy/zuma/vendor/installd.te diff --git a/vendor/kernel.te b/legacy/zuma/vendor/kernel.te similarity index 100% rename from vendor/kernel.te rename to legacy/zuma/vendor/kernel.te diff --git a/legacy/zuma/vendor/keys.conf b/legacy/zuma/vendor/keys.conf new file mode 100644 index 0000000..04f8042 --- /dev/null +++ b/legacy/zuma/vendor/keys.conf @@ -0,0 +1,11 @@ +[@GOOGLE] +ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/app.x509.pem + +[@CAMERAENG] +ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/camera_eng.x509.pem + +[@CAMERAFISHFOOD] +ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/camera_fishfood.x509.pem + +[@CAMERASERVICES] +ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/logd.te b/legacy/zuma/vendor/logd.te similarity index 100% rename from vendor/logd.te rename to legacy/zuma/vendor/logd.te diff --git a/vendor/mac_permissions.xml b/legacy/zuma/vendor/mac_permissions.xml similarity index 100% rename from vendor/mac_permissions.xml rename to legacy/zuma/vendor/mac_permissions.xml diff --git a/vendor/mediacodec_google.te b/legacy/zuma/vendor/mediacodec_google.te similarity index 100% rename from vendor/mediacodec_google.te rename to legacy/zuma/vendor/mediacodec_google.te diff --git a/vendor/pixeldisplayservice_app.te b/legacy/zuma/vendor/pixeldisplayservice_app.te similarity index 100% rename from vendor/pixeldisplayservice_app.te rename to legacy/zuma/vendor/pixeldisplayservice_app.te diff --git a/vendor/pixelstats_vendor.te b/legacy/zuma/vendor/pixelstats_vendor.te similarity index 100% rename from vendor/pixelstats_vendor.te rename to legacy/zuma/vendor/pixelstats_vendor.te diff --git a/vendor/platform_app.te b/legacy/zuma/vendor/platform_app.te similarity index 100% rename from vendor/platform_app.te rename to legacy/zuma/vendor/platform_app.te diff --git a/vendor/property.te b/legacy/zuma/vendor/property.te similarity index 100% rename from vendor/property.te rename to legacy/zuma/vendor/property.te diff --git a/vendor/property_contexts b/legacy/zuma/vendor/property_contexts similarity index 100% rename from vendor/property_contexts rename to legacy/zuma/vendor/property_contexts diff --git a/vendor/ramdump_app.te b/legacy/zuma/vendor/ramdump_app.te similarity index 100% rename from vendor/ramdump_app.te rename to legacy/zuma/vendor/ramdump_app.te diff --git a/vendor/recovery.te b/legacy/zuma/vendor/recovery.te similarity index 100% rename from vendor/recovery.te rename to legacy/zuma/vendor/recovery.te diff --git a/vendor/rlsservice.te b/legacy/zuma/vendor/rlsservice.te similarity index 100% rename from vendor/rlsservice.te rename to legacy/zuma/vendor/rlsservice.te diff --git a/vendor/seapp_contexts b/legacy/zuma/vendor/seapp_contexts similarity index 100% rename from vendor/seapp_contexts rename to legacy/zuma/vendor/seapp_contexts diff --git a/legacy/zuma/vendor/service.te b/legacy/zuma/vendor/service.te new file mode 100644 index 0000000..85b1745 --- /dev/null +++ b/legacy/zuma/vendor/service.te @@ -0,0 +1,6 @@ +type hal_pixel_display_service, service_manager_type, hal_service_type; + +# WLC +type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; + +type arm_mali_platform_service, app_api_service, service_manager_type; diff --git a/vendor/service_contexts b/legacy/zuma/vendor/service_contexts similarity index 100% rename from vendor/service_contexts rename to legacy/zuma/vendor/service_contexts diff --git a/vendor/shell.te b/legacy/zuma/vendor/shell.te similarity index 100% rename from vendor/shell.te rename to legacy/zuma/vendor/shell.te diff --git a/vendor/surfaceflinger.te b/legacy/zuma/vendor/surfaceflinger.te similarity index 100% rename from vendor/surfaceflinger.te rename to legacy/zuma/vendor/surfaceflinger.te diff --git a/vendor/system_app.te b/legacy/zuma/vendor/system_app.te similarity index 100% rename from vendor/system_app.te rename to legacy/zuma/vendor/system_app.te diff --git a/vendor/system_server.te b/legacy/zuma/vendor/system_server.te similarity index 100% rename from vendor/system_server.te rename to legacy/zuma/vendor/system_server.te diff --git a/vendor/systemui_app.te b/legacy/zuma/vendor/systemui_app.te similarity index 100% rename from vendor/systemui_app.te rename to legacy/zuma/vendor/systemui_app.te diff --git a/vendor/tcpdump_logger.te b/legacy/zuma/vendor/tcpdump_logger.te similarity index 100% rename from vendor/tcpdump_logger.te rename to legacy/zuma/vendor/tcpdump_logger.te diff --git a/vendor/tee.te b/legacy/zuma/vendor/tee.te similarity index 100% rename from vendor/tee.te rename to legacy/zuma/vendor/tee.te diff --git a/vendor/toolbox.te b/legacy/zuma/vendor/toolbox.te similarity index 100% rename from vendor/toolbox.te rename to legacy/zuma/vendor/toolbox.te diff --git a/vendor/trusty_apploader.te b/legacy/zuma/vendor/trusty_apploader.te similarity index 100% rename from vendor/trusty_apploader.te rename to legacy/zuma/vendor/trusty_apploader.te diff --git a/vendor/trusty_metricsd.te b/legacy/zuma/vendor/trusty_metricsd.te similarity index 100% rename from vendor/trusty_metricsd.te rename to legacy/zuma/vendor/trusty_metricsd.te diff --git a/vendor/twoshay.te b/legacy/zuma/vendor/twoshay.te similarity index 100% rename from vendor/twoshay.te rename to legacy/zuma/vendor/twoshay.te diff --git a/vendor/ufs_firmware_update.te b/legacy/zuma/vendor/ufs_firmware_update.te similarity index 100% rename from vendor/ufs_firmware_update.te rename to legacy/zuma/vendor/ufs_firmware_update.te diff --git a/vendor/update_engine.te b/legacy/zuma/vendor/update_engine.te similarity index 100% rename from vendor/update_engine.te rename to legacy/zuma/vendor/update_engine.te diff --git a/vendor/uwb_vendor_app.te b/legacy/zuma/vendor/uwb_vendor_app.te similarity index 100% rename from vendor/uwb_vendor_app.te rename to legacy/zuma/vendor/uwb_vendor_app.te diff --git a/vendor/vendor_init.te b/legacy/zuma/vendor/vendor_init.te similarity index 100% rename from vendor/vendor_init.te rename to legacy/zuma/vendor/vendor_init.te diff --git a/vendor/vendor_uwb_init.te b/legacy/zuma/vendor/vendor_uwb_init.te similarity index 100% rename from vendor/vendor_uwb_init.te rename to legacy/zuma/vendor/vendor_uwb_init.te diff --git a/vendor/vndservice.te b/legacy/zuma/vendor/vndservice.te similarity index 100% rename from vendor/vndservice.te rename to legacy/zuma/vendor/vndservice.te diff --git a/vendor/vndservice_contexts b/legacy/zuma/vendor/vndservice_contexts similarity index 100% rename from vendor/vndservice_contexts rename to legacy/zuma/vendor/vndservice_contexts diff --git a/vendor/wifi_sniffer.te b/legacy/zuma/vendor/wifi_sniffer.te similarity index 100% rename from vendor/wifi_sniffer.te rename to legacy/zuma/vendor/wifi_sniffer.te diff --git a/vendor/file.te b/vendor/file.te index 4c01d25..8b13789 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,56 +1 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; -type persist_fingerprint_file, file_type, vendor_persist_type; -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type sensor_reg_data_file, file_type, data_file_type; -type chre_data_file, file_type, data_file_type; -type vendor_fingerprint_data_file, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; - -# GSA -type sysfs_gsa_log, sysfs_type, fs_type; - -# Faceauth -type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index cb68953..8b13789 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,212 +1 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 -/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 -# Vendor Firmwares -/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 -/vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 - -# Vendor libraries - -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 -/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0 - -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 -/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_fingerprint_file:s0 - -# Devices -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 -/dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-svarog u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-sensor-svarog u:object_r:lwis_device:s0 -/dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 -/dev/qbt_ipc u:object_r:fingerprint_device:s0 -/dev/qbt_fd u:object_r:fingerprint_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 35d0f9d..8b13789 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,252 +1 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - -# Gxp -genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 - -# debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 - -# Extcon -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - -# Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 - -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 - -# Faceauth -genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/vendor/keys.conf b/vendor/keys.conf deleted file mode 100644 index 9911d1f..0000000 --- a/vendor/keys.conf +++ /dev/null @@ -1,11 +0,0 @@ -[@GOOGLE] -ALL : device/google/zumapro-sepolicy/vendor/certs/app.x509.pem - -[@CAMERAENG] -ALL : device/google/zumapro-sepolicy/vendor/certs/camera_eng.x509.pem - -[@CAMERAFISHFOOD] -ALL : device/google/zumapro-sepolicy/vendor/certs/camera_fishfood.x509.pem - -[@CAMERASERVICES] -ALL : device/google/zumapro-sepolicy/vendor/certs/com_google_android_apps_camera_services.x509.pem diff --git a/vendor/service.te b/vendor/service.te index 85b1745..8b13789 100644 --- a/vendor/service.te +++ b/vendor/service.te @@ -1,6 +1 @@ -type hal_pixel_display_service, service_manager_type, hal_service_type; -# WLC -type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; - -type arm_mali_platform_service, app_api_service, service_manager_type; diff --git a/zumapro-sepolicy.mk b/zumapro-sepolicy.mk index f202935..4edddb2 100644 --- a/zumapro-sepolicy.mk +++ b/zumapro-sepolicy.mk @@ -18,6 +18,7 @@ BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats # To be reviewed and removed. BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/whitechapel_pro +BOARD_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/zuma/vendor PRODUCT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/private SYSTEM_EXT_PUBLIC_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/public SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/zumapro-sepolicy/legacy/system_ext/private From a202da5e8a4f05025257078d558e94e7572662c7 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 4 Sep 2023 14:48:58 +0800 Subject: [PATCH 052/321] sepolicy: allows pixelstat to access pca file nodes Bug: 298628728 Test: no Permission denied while accessing the file node Change-Id: I0a2ffa3eb583775fa8e6dae02367d156152ee386 Signed-off-by: Jack Wu --- vendor/file.te | 2 ++ vendor/genfs_contexts | 3 +++ vendor/pixelstats_vendor.te | 3 +++ 3 files changed, 8 insertions(+) create mode 100644 vendor/pixelstats_vendor.te diff --git a/vendor/file.te b/vendor/file.te index 8b13789..eff5cbf 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1 +1,3 @@ +#sysfs +type sysfs_pca, sysfs_type, fs_type; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8b13789..0e1dd05 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1 +1,4 @@ +# Battery +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats u:object_r:sysfs_pca:s0 diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te new file mode 100644 index 0000000..be979ec --- /dev/null +++ b/vendor/pixelstats_vendor.te @@ -0,0 +1,3 @@ +# Pca charge +allow pixelstats_vendor sysfs_pca:file rw_file_perms; + From 2bbb50d15b014725b82b85e449e0c820f3a477ab Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Mon, 4 Sep 2023 19:28:45 +0800 Subject: [PATCH 053/321] Add the common CS40L26 I2C path Bug: 285343932 Test: No AVC denials for vibration and HAL dumpsys Change-Id: I5a5baf70696748a19618157cd4e466e5f9ac4fdd --- vendor/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0e1dd05..f1ccbae 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -2,3 +2,5 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats u:object_r:sysfs_pca:s0 +# Haptics +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 From 442592fc0c91410c10eb53234835c8f5345399cb Mon Sep 17 00:00:00 2001 From: Jack Wu Date: Tue, 5 Sep 2023 17:08:12 +0800 Subject: [PATCH 054/321] move google,charger SELinux config from legacy to vendor Bug: 298923686 Test: no Permission denied while accessing the file node Change-Id: Idea525f8067dd8d74065bcb128da4b25a04113dc Signed-off-by: Jack Wu --- legacy/zuma/vendor/genfs_contexts | 1 - vendor/genfs_contexts | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts index 35d0f9d..1352b6d 100644 --- a/legacy/zuma/vendor/genfs_contexts +++ b/legacy/zuma/vendor/genfs_contexts @@ -129,7 +129,6 @@ genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average # Battery genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0e1dd05..2b70339 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,4 +1,5 @@ # Battery +genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats u:object_r:sysfs_pca:s0 From a43564d9684584cf22d46609415856cbb4c91570 Mon Sep 17 00:00:00 2001 From: Jack Wu Date: Wed, 6 Sep 2023 21:37:08 +0800 Subject: [PATCH 055/321] fix incorrect max_secondary path Bug: 299268124 Test: data is correct in dumpstate Change-Id: I198b7117270ef078c698b2c30f479bcb510d6471 Signed-off-by: Jack Wu --- legacy/zuma/vendor/file_contexts | 4 ---- vendor/file_contexts | 5 +++++ 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts index cb68953..50be206 100644 --- a/legacy/zuma/vendor/file_contexts +++ b/legacy/zuma/vendor/file_contexts @@ -97,14 +97,10 @@ /dev/logbuffer_rtx u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip u:object_r:logbuffer_device:s0 /dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 /dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 /dev/logbuffer_cpm u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 /dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 diff --git a/vendor/file_contexts b/vendor/file_contexts index 8b13789..416bd61 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1 +1,6 @@ +# Devices +/dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_secondary u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0 From 7974b22abcceebe3cc82e3dd4df61d321da5f255 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 8 Sep 2023 09:51:24 +0800 Subject: [PATCH 056/321] Correct the SEPolicy owner Bug: 296187211 Change-Id: I04f78cfd314d499546a624a5ade643a8bc95fb21 --- OWNERS | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/OWNERS b/OWNERS index 791abb4..bff635e 100644 --- a/OWNERS +++ b/OWNERS @@ -1,3 +1,3 @@ -include platform/system/sepolicy:/OWNERS +include device/google/gs-common:/sepolicy/OWNERS -rurumihong@google.com +adamshih@google.com From 4d8b7ddfd6c54d3c26fe537b02584473a1237f50 Mon Sep 17 00:00:00 2001 From: Tommy Kardach Date: Fri, 8 Sep 2023 09:30:55 -0700 Subject: [PATCH 057/321] Allow Camera HAL to acquire wake locks Bug: 298439902 Bug: 298272647 Test: manual flash Change-Id: Ide1bf19ff54e0ce517722c1a028ac946e87ed787 --- vendor/hal_camera_default.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 vendor/hal_camera_default.te diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te new file mode 100644 index 0000000..67b0c32 --- /dev/null +++ b/vendor/hal_camera_default.te @@ -0,0 +1,2 @@ +# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes +wakelock_use(hal_camera_default) From 3ca2aca55868cc902e77df3e9dcb68892663cd15 Mon Sep 17 00:00:00 2001 From: Hasan Awais Date: Thu, 7 Sep 2023 23:49:44 +0000 Subject: [PATCH 058/321] uwb: add permissions for factory uwb calib file needed for copying the factory calib file from persist to /data/vendor/uwb, along with converting the file to a valid format for uwb HAL Equivalent CL: ag/22980180 Bug: 296108382 Bug: 296108391 Test: local build passed Change-Id: I576d21433e2d0b958ef876bd42c382dd2061796e Signed-off-by: Hasan Awais --- legacy/whitechapel_pro/file.te | 3 --- legacy/whitechapel_pro/file_contexts | 2 -- legacy/zuma/vendor/file_contexts | 2 -- vendor/file.te | 7 +++++++ vendor/file_contexts | 10 ++++++++++ .../zuma/vendor => vendor}/hal_uwb_vendor_default.te | 3 +++ {legacy/zuma/vendor => vendor}/vendor_uwb_init.te | 4 ++++ 7 files changed, 24 insertions(+), 7 deletions(-) rename {legacy/zuma/vendor => vendor}/hal_uwb_vendor_default.te (63%) rename {legacy/zuma/vendor => vendor}/vendor_uwb_init.te (52%) diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te index 23d748b..f59a80b 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -2,8 +2,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; -type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; -type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; type sensor_debug_data_file, file_type, data_file_type; @@ -19,7 +17,6 @@ type vendor_regmap_debugfs, fs_type, debugfs_type; # persist type persist_ss_file, file_type, vendor_persist_type; -type persist_uwb_file, file_type, vendor_persist_type; # Storage Health HAL type proc_f2fs, proc_type, fs_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index a9901c0..50db736 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -41,13 +41,11 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 -/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 # Raw HID device /dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts index 50be206..dad7d26 100644 --- a/legacy/zuma/vendor/file_contexts +++ b/legacy/zuma/vendor/file_contexts @@ -7,7 +7,6 @@ /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 @@ -20,7 +19,6 @@ /vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 /vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 diff --git a/vendor/file.te b/vendor/file.te index eff5cbf..5581e3e 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,3 +1,10 @@ +# persist +type persist_uwb_file, file_type, vendor_persist_type; + #sysfs type sysfs_pca, sysfs_type, fs_type; +# Data +type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; +type uwb_data_vendor, file_type, data_file_type; + diff --git a/vendor/file_contexts b/vendor/file_contexts index 416bd61..225f3a5 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,3 +1,13 @@ +# Binaries +/vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 +/vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 + +# Vendor +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 + +# persist +/mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 + # Devices /dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_secondary u:object_r:logbuffer_device:s0 diff --git a/legacy/zuma/vendor/hal_uwb_vendor_default.te b/vendor/hal_uwb_vendor_default.te similarity index 63% rename from legacy/zuma/vendor/hal_uwb_vendor_default.te rename to vendor/hal_uwb_vendor_default.te index 06a67d0..e6ac638 100644 --- a/legacy/zuma/vendor/hal_uwb_vendor_default.te +++ b/vendor/hal_uwb_vendor_default.te @@ -3,3 +3,6 @@ type hal_uwb_vendor_default_exec, vendor_file_type, exec_type, file_type; allow hal_uwb_default uci_device:chr_file rw_file_perms; init_daemon_domain(hal_uwb_vendor_default) +allow hal_uwb_default uwb_data_vendor:dir create_dir_perms; +allow hal_uwb_default uwb_data_vendor:file create_file_perms; + diff --git a/legacy/zuma/vendor/vendor_uwb_init.te b/vendor/vendor_uwb_init.te similarity index 52% rename from legacy/zuma/vendor/vendor_uwb_init.te rename to vendor/vendor_uwb_init.te index 5216019..84e41cf 100644 --- a/legacy/zuma/vendor/vendor_uwb_init.te +++ b/vendor/vendor_uwb_init.te @@ -2,3 +2,7 @@ type vendor_uwb_init, domain; type vendor_uwb_init_exec, exec_type, vendor_file_type, file_type; init_daemon_domain(vendor_uwb_init) + +allow vendor_uwb_init uwb_data_vendor:file create_file_perms; +allow vendor_uwb_init uwb_data_vendor:dir w_dir_perms; + From a3abd5ad39fcb3fc5e1a811fa84c064da52ccc7b Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Tue, 12 Sep 2023 16:42:21 +0800 Subject: [PATCH 059/321] Allow regmap debugfs for drivers probed by insmod auditd : type=1400 audit(0.0:731): avc: denied { search } for comm="modprobe" name="regmap" dev="debugfs" ino=2057 scontext=u:r:insmod-sh:s0 tcontext=u:object_r:vendor_regmap_debugfs:s0 tclass=dir permissive=1 bug=b/274727542 vendor_kernel_boot and vendor_dlkm modules probe by insmod need this. Move regmap debugfs from legacy/whitechapel_pro/ to vendor/. Bug: 274727542 Bug: 289012421 Bug: 285343932 Test: ls -d /sys/kernel/debug/regmap/*-0043 Change-Id: I1db7a5a3413467b4e14954d994b071b206fe0300 --- legacy/whitechapel_pro/file.te | 3 --- legacy/whitechapel_pro/genfs_contexts | 3 --- tracking_denials/bug_map | 1 - vendor/file.te | 3 +++ vendor/genfs_contexts | 3 +++ vendor/insmod-sh.te | 1 + 6 files changed, 7 insertions(+), 7 deletions(-) create mode 100644 vendor/insmod-sh.te diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te index f59a80b..db0b31f 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -12,9 +12,6 @@ type sysfs_bcmdhd, sysfs_type, fs_type; type sysfs_chargelevel, sysfs_type, fs_type; type sysfs_camera, sysfs_type, fs_type; -# debugfs -type vendor_regmap_debugfs, fs_type, debugfs_type; - # persist type persist_ss_file, file_type, vendor_persist_type; diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts index dccae4e..34f9ee4 100644 --- a/legacy/whitechapel_pro/genfs_contexts +++ b/legacy/whitechapel_pro/genfs_contexts @@ -30,9 +30,6 @@ genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0 -# debugfs -genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 - # Haptics genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 821f41d..616e642 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -20,7 +20,6 @@ hal_uwb_default debugfs file b/279680213 incidentd apex_art_data_file file b/272628762 incidentd incidentd anon_inode b/274374992 insmod-sh insmod-sh key b/274374722 -insmod-sh vendor_regmap_debugfs dir b/274727542 kernel vendor_fw_file dir b/272166737 kernel vendor_fw_file dir b/272166787 mtectrl unlabeled dir b/264483752 diff --git a/vendor/file.te b/vendor/file.te index 5581e3e..bc6ca4a 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -4,6 +4,9 @@ type persist_uwb_file, file_type, vendor_persist_type; #sysfs type sysfs_pca, sysfs_type, fs_type; +# debugfs +type vendor_regmap_debugfs, fs_type, debugfs_type; + # Data type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0b32140..26d255a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -3,5 +3,8 @@ genfscon sysfs /devices/platform/google,charger genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats u:object_r:sysfs_pca:s0 +# debugfs +genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 + # Haptics genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 diff --git a/vendor/insmod-sh.te b/vendor/insmod-sh.te new file mode 100644 index 0000000..ac5adeb --- /dev/null +++ b/vendor/insmod-sh.te @@ -0,0 +1 @@ +allow insmod-sh vendor_regmap_debugfs:dir search; From 72c63096bd01385220bda8e15aa07873b7f17462 Mon Sep 17 00:00:00 2001 From: Mike Wang Date: Thu, 28 Sep 2023 15:16:36 +0000 Subject: [PATCH 060/321] Grant the MDS access to the IPowerStats hal service. ref logs: 09-06 10:07:18.006 536 536 I auditd : avc: denied { find } for pid=22543 uid=10225 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1 09-06 10:07:18.010 22543 22543 I auditd : type=1400 audit(0.0:65): avc: denied { call } for comm="pool-4-thread-1" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=1 app=com.google.mds Test: Tested with MDS app and the MDS can get IPowerStats binder and call the interface. Bug: 297250368 Change-Id: I7503a86baa01e4391d64f958cd053822de78d8fd --- radio/modem_diagnostic_app.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index 8c4a0ca..b5cce03 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -7,6 +7,8 @@ allow modem_diagnostic_app app_api_service:service_manager find; allow modem_diagnostic_app radio_service:service_manager find; userdebug_or_eng(` + hal_client_domain(modem_diagnostic_app, hal_power_stats); + binder_call(modem_diagnostic_app, dmd) set_prop(modem_diagnostic_app, vendor_cbd_prop) From 92083a0f38284791d6b82c5fc091eb9135483448 Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai Date: Wed, 4 Oct 2023 15:42:21 +0800 Subject: [PATCH 061/321] genfs_contexts: Modify USB SELinux policies Add USB wakeup sources sepolicy contexts Bug: 295128467 Test: Change USB sepolicies and existing tests still pass. Change-Id: Ic6c693a24c59cc3248d89208268bad6279b50003 Signed-off-by: Kuen-Han Tsai --- vendor/genfs_contexts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 26d255a..0276416 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -8,3 +8,9 @@ genfscon debugfs /regmap u:object # Haptics genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 + +# wake up nodes +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 From a934af3727773f80077a240a00fb5a499ca98473 Mon Sep 17 00:00:00 2001 From: Matthew Sedam Date: Mon, 2 Oct 2023 20:53:50 +0000 Subject: [PATCH 062/321] Allow CHRE to access the IStats service for the zumapro target This CL also moves the chre.te file from legacy to vendor. Bug: 298459533 Test: Use stats service from chre Change-Id: I6b954983e71b436a0dfef8a50cc2ce352bd14d79 --- legacy/zuma/vendor/chre.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/legacy/zuma/vendor/chre.te b/legacy/zuma/vendor/chre.te index 7c0ad8f..c4298ab 100644 --- a/legacy/zuma/vendor/chre.te +++ b/legacy/zuma/vendor/chre.te @@ -18,3 +18,7 @@ allow chre chre_data_file:file create_file_perms; # Allow CHRE to use WakeLock wakelock_use(chre) + +# Allow CHRE host to talk to stats service +allow chre fwk_stats_service:service_manager find; +binder_call(chre, stats_service_server) From 2d20db9d65afab4245fea2f6c6c9cf63379e71db Mon Sep 17 00:00:00 2001 From: John Chang Date: Tue, 10 Oct 2023 18:21:54 +0000 Subject: [PATCH 063/321] display: properties of vrr settings Bug: 290843234 Test: verify getprop/setprop after reboot. Change-Id: I9cf5e2272b6ea9e9bbcf72b4363faf272872e27c --- legacy/zuma/vendor/property_contexts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/legacy/zuma/vendor/property_contexts b/legacy/zuma/vendor/property_contexts index 63ec7aa..e27170d 100644 --- a/legacy/zuma/vendor/property_contexts +++ b/legacy/zuma/vendor/property_contexts @@ -21,3 +21,8 @@ vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# Display +ro.vendor.primarydisplay.vrr.enabled u:object_r:vendor_display_prop:s0 exact bool +ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int +ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int From 65bb6f7c98fc70de4e844dd56cb6c30702dd037c Mon Sep 17 00:00:00 2001 From: Hiroshi Akiyama Date: Tue, 26 Sep 2023 01:02:06 +0000 Subject: [PATCH 064/321] Migrate dump_power.sh to cpp for improved speed Bug: 299133307 Test: adb bugreport and check dumpstate_board.txt Change-Id: Ia12b5f4c050a719f994b0f7df8211533d48e0806 Signed-off-by: Hiroshi Akiyama --- legacy/zuma/vendor/file_contexts | 1 - legacy/zuma/vendor/genfs_contexts | 7 +++++++ {legacy/zuma/vendor => vendor}/dump_power.te | 0 vendor/file_contexts | 1 + 4 files changed, 8 insertions(+), 1 deletion(-) rename {legacy/zuma/vendor => vendor}/dump_power.te (100%) diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts index dad7d26..7aba188 100644 --- a/legacy/zuma/vendor/file_contexts +++ b/legacy/zuma/vendor/file_contexts @@ -12,7 +12,6 @@ /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/dump/dump_power\.sh u:object_r:dump_power_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts index 1352b6d..0fd66bc 100644 --- a/legacy/zuma/vendor/genfs_contexts +++ b/legacy/zuma/vendor/genfs_contexts @@ -88,21 +88,25 @@ genfscon sysfs /devices/platform/acpm_stats genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 @@ -151,6 +155,9 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 # wake up nodes genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/legacy/zuma/vendor/dump_power.te b/vendor/dump_power.te similarity index 100% rename from legacy/zuma/vendor/dump_power.te rename to vendor/dump_power.te diff --git a/vendor/file_contexts b/vendor/file_contexts index 225f3a5..f3d8919 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -1,6 +1,7 @@ # Binaries /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 +/vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 # Vendor /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 From b70a0d779ea928c057ebb1c4a908136f89e4a3d6 Mon Sep 17 00:00:00 2001 From: Jeremy DeHaan Date: Mon, 16 Oct 2023 16:20:29 -0700 Subject: [PATCH 065/321] Allow HWC to access display refresh control Bug: 304394975 Change-Id: Ie718bc50d9ffec8347079b32327b7d3862ff41d6 Signed-off-by: Jeremy DeHaan --- legacy/zuma/vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts index 0fd66bc..e5fedb3 100644 --- a/legacy/zuma/vendor/genfs_contexts +++ b/legacy/zuma/vendor/genfs_contexts @@ -75,6 +75,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 From b8b118535623dd33e1975d163b58d754ea1d05e9 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 24 Oct 2023 07:20:01 +0000 Subject: [PATCH 066/321] Update permissive domain Bug 307468752 Bug: 307468788 Bug: 307468729 Bug: 307468767 Bug: 307468462 Bug: 307468561 Bug: 307468923 Bug: 307468731 Bug: 307468925 Bug: 307468690 Bug: 307468733 Bug: 307468692 Bug: 307468756 Bug: 307468758 Bug: 307468945 Bug: 307468771 Bug: 307468867 Bug: 307468827 Bug: 307468887 Bug: 296187211 Change-Id: Ib4df93d03b2828113b008032b3e574c0e4298f01 --- tracking_denials/con_monitor_app.te | 4 ++++ tracking_denials/fastbootd.te | 4 ++++ tracking_denials/gxp_logging.te | 4 ++++ tracking_denials/hal_health_default.te | 4 ++++ tracking_denials/hal_power_default.te | 4 ++++ tracking_denials/hal_power_stats_default.te | 4 ++++ tracking_denials/hal_uwb_default.te | 4 ++++ tracking_denials/hal_vibrator_default.te | 4 ++++ tracking_denials/hal_wireless_charger.te | 4 ++++ tracking_denials/insmod-sh.te | 4 ++++ tracking_denials/kernel.te | 4 ++++ tracking_denials/network_stack.te | 4 ++++ tracking_denials/permissive.te | 21 --------------------- tracking_denials/pixelstats_vendor.te | 4 ++++ tracking_denials/servicemanager.te | 4 ++++ tracking_denials/ssr_detector_app.te | 4 ++++ tracking_denials/system_server.te | 4 ++++ tracking_denials/systemui_app.te | 4 ++++ tracking_denials/thermal_link_device.te | 4 ++++ tracking_denials/vendor_init.te | 4 ++++ 20 files changed, 76 insertions(+), 21 deletions(-) create mode 100644 tracking_denials/con_monitor_app.te create mode 100644 tracking_denials/fastbootd.te create mode 100644 tracking_denials/gxp_logging.te create mode 100644 tracking_denials/hal_health_default.te create mode 100644 tracking_denials/hal_power_default.te create mode 100644 tracking_denials/hal_power_stats_default.te create mode 100644 tracking_denials/hal_uwb_default.te create mode 100644 tracking_denials/hal_vibrator_default.te create mode 100644 tracking_denials/hal_wireless_charger.te create mode 100644 tracking_denials/insmod-sh.te create mode 100644 tracking_denials/kernel.te create mode 100644 tracking_denials/network_stack.te delete mode 100644 tracking_denials/permissive.te create mode 100644 tracking_denials/pixelstats_vendor.te create mode 100644 tracking_denials/servicemanager.te create mode 100644 tracking_denials/ssr_detector_app.te create mode 100644 tracking_denials/system_server.te create mode 100644 tracking_denials/systemui_app.te create mode 100644 tracking_denials/thermal_link_device.te create mode 100644 tracking_denials/vendor_init.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te new file mode 100644 index 0000000..9075c28 --- /dev/null +++ b/tracking_denials/con_monitor_app.te @@ -0,0 +1,4 @@ +# b/307468771 +userdebug_or_eng(` + permissive con_monitor_app; +') \ No newline at end of file diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te new file mode 100644 index 0000000..7b5497a --- /dev/null +++ b/tracking_denials/fastbootd.te @@ -0,0 +1,4 @@ +# b/307468887 +userdebug_or_eng(` + permissive fastbootd; +') \ No newline at end of file diff --git a/tracking_denials/gxp_logging.te b/tracking_denials/gxp_logging.te new file mode 100644 index 0000000..1aa14ac --- /dev/null +++ b/tracking_denials/gxp_logging.te @@ -0,0 +1,4 @@ +# b/307468752 +userdebug_or_eng(` + permissive gxp_logging; +') \ No newline at end of file diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te new file mode 100644 index 0000000..aef0929 --- /dev/null +++ b/tracking_denials/hal_health_default.te @@ -0,0 +1,4 @@ +# b/307468788 +userdebug_or_eng(` + permissive hal_health_default; +') \ No newline at end of file diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te new file mode 100644 index 0000000..310f934 --- /dev/null +++ b/tracking_denials/hal_power_default.te @@ -0,0 +1,4 @@ +# b/307468758 +userdebug_or_eng(` + permissive hal_power_default; +') \ No newline at end of file diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te new file mode 100644 index 0000000..e4bd5df --- /dev/null +++ b/tracking_denials/hal_power_stats_default.te @@ -0,0 +1,4 @@ +# b/307468729 +userdebug_or_eng(` + permissive hal_power_stats_default; +') \ No newline at end of file diff --git a/tracking_denials/hal_uwb_default.te b/tracking_denials/hal_uwb_default.te new file mode 100644 index 0000000..7fe8be8 --- /dev/null +++ b/tracking_denials/hal_uwb_default.te @@ -0,0 +1,4 @@ +# b/307468767 +userdebug_or_eng(` + permissive hal_uwb_default; +') \ No newline at end of file diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te new file mode 100644 index 0000000..6cce477 --- /dev/null +++ b/tracking_denials/hal_vibrator_default.te @@ -0,0 +1,4 @@ +# b/307468462 +userdebug_or_eng(` + permissive hal_vibrator_default; +') \ No newline at end of file diff --git a/tracking_denials/hal_wireless_charger.te b/tracking_denials/hal_wireless_charger.te new file mode 100644 index 0000000..ed89d0c --- /dev/null +++ b/tracking_denials/hal_wireless_charger.te @@ -0,0 +1,4 @@ +# b/307468561 +userdebug_or_eng(` + permissive hal_wireless_charger; +') \ No newline at end of file diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te new file mode 100644 index 0000000..baf99b2 --- /dev/null +++ b/tracking_denials/insmod-sh.te @@ -0,0 +1,4 @@ +# b/307468923 +userdebug_or_eng(` + permissive insmod-sh; +') \ No newline at end of file diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te new file mode 100644 index 0000000..8160c1f --- /dev/null +++ b/tracking_denials/kernel.te @@ -0,0 +1,4 @@ +# b/307468756 +userdebug_or_eng(` + permissive kernel; +') \ No newline at end of file diff --git a/tracking_denials/network_stack.te b/tracking_denials/network_stack.te new file mode 100644 index 0000000..f3a9939 --- /dev/null +++ b/tracking_denials/network_stack.te @@ -0,0 +1,4 @@ +# b/307468731 +userdebug_or_eng(` + permissive network_stack; +') \ No newline at end of file diff --git a/tracking_denials/permissive.te b/tracking_denials/permissive.te deleted file mode 100644 index 9fe4973..0000000 --- a/tracking_denials/permissive.te +++ /dev/null @@ -1,21 +0,0 @@ -userdebug_or_eng(` - permissive gxp_logging; - permissive hal_health_default; - permissive hal_power_stats_default; - permissive hal_uwb_default; - permissive hal_vibrator_default; - permissive hal_wireless_charger; - permissive insmod-sh; - permissive network_stack; - permissive pixelstats_vendor; - permissive system_server; - permissive vendor_init; - permissive thermal_link_device; - permissive kernel; - permissive hal_power_default; - permissive servicemanager; - permissive con_monitor_app; - permissive systemui_app; - permissive ssr_detector_app; - permissive fastbootd; -') diff --git a/tracking_denials/pixelstats_vendor.te b/tracking_denials/pixelstats_vendor.te new file mode 100644 index 0000000..78c5c53 --- /dev/null +++ b/tracking_denials/pixelstats_vendor.te @@ -0,0 +1,4 @@ +# b/307468925 +userdebug_or_eng(` + permissive pixelstats_vendor; +') \ No newline at end of file diff --git a/tracking_denials/servicemanager.te b/tracking_denials/servicemanager.te new file mode 100644 index 0000000..9e0515b --- /dev/null +++ b/tracking_denials/servicemanager.te @@ -0,0 +1,4 @@ +# b/307468945 +userdebug_or_eng(` + permissive servicemanager; +') \ No newline at end of file diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te new file mode 100644 index 0000000..a5a640d --- /dev/null +++ b/tracking_denials/ssr_detector_app.te @@ -0,0 +1,4 @@ +# b/307468827 +userdebug_or_eng(` + permissive ssr_detector_app; +') \ No newline at end of file diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te new file mode 100644 index 0000000..dd6e930 --- /dev/null +++ b/tracking_denials/system_server.te @@ -0,0 +1,4 @@ +# b/307468690 +userdebug_or_eng(` + permissive system_server; +') \ No newline at end of file diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te new file mode 100644 index 0000000..b9967a6 --- /dev/null +++ b/tracking_denials/systemui_app.te @@ -0,0 +1,4 @@ +# b/307468867 +userdebug_or_eng(` + permissive systemui_app; +') \ No newline at end of file diff --git a/tracking_denials/thermal_link_device.te b/tracking_denials/thermal_link_device.te new file mode 100644 index 0000000..1298dd6 --- /dev/null +++ b/tracking_denials/thermal_link_device.te @@ -0,0 +1,4 @@ +# b/307468692 +userdebug_or_eng(` + permissive thermal_link_device; +') \ No newline at end of file diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te new file mode 100644 index 0000000..2ae4665 --- /dev/null +++ b/tracking_denials/vendor_init.te @@ -0,0 +1,4 @@ +# b/307468733 +userdebug_or_eng(` + permissive vendor_init; +') \ No newline at end of file From 30de3456f52f8db770dca492fdbc1a48a788f023 Mon Sep 17 00:00:00 2001 From: samou Date: Mon, 23 Oct 2023 01:43:46 +0000 Subject: [PATCH 067/321] Allow battery_motigation to access gpu cur_freq Bug: 290149543 Change-Id: Iee0c935194f09dfa960f5b3a701d6e8abc0af17d Signed-off-by: samou --- vendor/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0276416..3d5d3dd 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -14,3 +14,6 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 + +# GPU +genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 From 16dc4769c41d2e3215c5a7710764a1a446570ad0 Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Thu, 26 Oct 2023 10:01:08 +0000 Subject: [PATCH 068/321] Add sepolicy for Bluetooth HAL to access uart and lpm related device nodes Bug: 303046044 Test: Manually Change-Id: I20db519f27c8e59cac0ad326078228c89565550f --- vendor/file_contexts | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index f3d8919..e32c8fa 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -9,6 +9,11 @@ # persist /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 +# Bluetooth +/dev/ttySAC18 u:object_r:hci_attach_dev:s0 +/dev/logbuffer_btlpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_tty18 u:object_r:logbuffer_device:s0 + # Devices /dev/logbuffer_maxfg_base u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_secondary u:object_r:logbuffer_device:s0 From cf06992020470c0d8b6d371be33ed10602a12fbe Mon Sep 17 00:00:00 2001 From: guibing Date: Wed, 25 Oct 2023 22:21:41 +0000 Subject: [PATCH 069/321] zumapro: sepolicy: Update gpu sysfs nodes sepolicies. Use similar gpu sysfs nodes sepolicies from zuma. Bug: 300516438 Test: ls -lZ /sys/devices/platform/1f000000.mali Change-Id: I7190c19c6122bf867a6bde939c4be006ae7432f9 --- legacy/zuma/vendor/genfs_contexts | 6 ------ vendor/genfs_contexts | 8 ++++++++ 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts index 0fd66bc..3ef6014 100644 --- a/legacy/zuma/vendor/genfs_contexts +++ b/legacy/zuma/vendor/genfs_contexts @@ -223,12 +223,6 @@ genfscon sysfs /module/trusty_core/parameters/use_high_wq u:obje # EM Profile genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 -# GPU -genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 - # GSA logs genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 0276416..6d3b102 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -6,6 +6,14 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats # debugfs genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 +# GPU +genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/hint_power_on u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 + # Haptics genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 From 52ddf480c5bc748001e328050703e963004c1ac5 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki Date: Wed, 25 Oct 2023 16:52:41 +0000 Subject: [PATCH 070/321] dump_power: adding dwell defend logs sepolicy Bug: 306108267 Test: build/flash Test: adb bugreport Change-Id: I2dd8cbe12c88c5d5b776e299598d6573a0042711 Signed-off-by: Daniel Okazaki --- vendor/dump_power.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/dump_power.te b/vendor/dump_power.te index e425214..4b112ba 100644 --- a/vendor/dump_power.te +++ b/vendor/dump_power.te @@ -16,6 +16,11 @@ allow dump_power sysfs_wlc:file r_file_perms; allow dump_power sysfs_power_dump:file r_file_perms; allow dump_power mitigation_vendor_data_file:dir r_dir_perms; allow dump_power mitigation_vendor_data_file:file rw_file_perms; +allow dump_power mnt_vendor_file:dir search; +allow dump_power persist_file:dir search; +allow dump_power persist_battery_file:dir r_dir_perms; +allow dump_power persist_battery_file:file r_file_perms; +allow dump_power vendor_shell_exec:file execute_no_trans; userdebug_or_eng(` allow dump_power debugfs:dir r_dir_perms; From 2ee5bdcc3410936a3a81cf59198fffb7462cf2ab Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 30 Oct 2023 16:12:14 +0800 Subject: [PATCH 071/321] Update error on ROM 11021299 Bug: 308380763 Bug: 308381394 Bug: 308381432 Bug: 308381409 Bug: 308381338 Bug: 308381747 Bug: 308381292 Bug: 308381668 Bug: 308381451 Bug: 308381687 Bug: 308381222 Bug: 308381263 Bug: 308381279 Bug: 308381611 Bug: 308381748 Test: SELinuxUncheckedDenialBootTest Change-Id: I54b3464f7e445c8a696a4e8dfd0613fd2e2ab7b1 --- tracking_denials/con_monitor_app.te | 6 +++++- tracking_denials/dmd.te | 2 ++ tracking_denials/gnss_check.te | 2 ++ .../hal_graphics_composer_default.te | 2 ++ tracking_denials/hal_health_default.te | 5 ++++- tracking_denials/hal_sensors_default.te | 2 ++ tracking_denials/kernel.te | 3 ++- tracking_denials/modem_ml_svc_sit.te | 2 ++ tracking_denials/rebalance_interrupts_vendor.te | 2 ++ tracking_denials/shell.te | 2 ++ tracking_denials/system_server.te | 3 ++- tracking_denials/system_suspend.te | 16 ++++++++++++++++ tracking_denials/systemui_app.te | 3 ++- tracking_denials/vendor_cccdktimesync_app.te | 2 ++ tracking_denials/vendor_init.te | 4 +++- 15 files changed, 50 insertions(+), 6 deletions(-) create mode 100644 tracking_denials/dmd.te create mode 100644 tracking_denials/gnss_check.te create mode 100644 tracking_denials/hal_graphics_composer_default.te create mode 100644 tracking_denials/hal_sensors_default.te create mode 100644 tracking_denials/modem_ml_svc_sit.te create mode 100644 tracking_denials/rebalance_interrupts_vendor.te create mode 100644 tracking_denials/shell.te create mode 100644 tracking_denials/system_suspend.te create mode 100644 tracking_denials/vendor_cccdktimesync_app.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te index 9075c28..ffd9bec 100644 --- a/tracking_denials/con_monitor_app.te +++ b/tracking_denials/con_monitor_app.te @@ -1,4 +1,8 @@ # b/307468771 userdebug_or_eng(` permissive con_monitor_app; -') \ No newline at end of file +')# b/308381432 +dontaudit con_monitor_app activity_service:service_manager { find }; +dontaudit con_monitor_app content_capture_service:service_manager { find }; +dontaudit con_monitor_app game_service:service_manager { find }; +dontaudit con_monitor_app netstats_service:service_manager { find }; diff --git a/tracking_denials/dmd.te b/tracking_denials/dmd.te new file mode 100644 index 0000000..ac62949 --- /dev/null +++ b/tracking_denials/dmd.te @@ -0,0 +1,2 @@ +# b/308381409 +dontaudit dmd servicemanager:binder { call }; diff --git a/tracking_denials/gnss_check.te b/tracking_denials/gnss_check.te new file mode 100644 index 0000000..4db6b0d --- /dev/null +++ b/tracking_denials/gnss_check.te @@ -0,0 +1,2 @@ +# b/308381338 +dontaudit gnss_check property_socket:sock_file { write }; diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te new file mode 100644 index 0000000..6754f57 --- /dev/null +++ b/tracking_denials/hal_graphics_composer_default.te @@ -0,0 +1,2 @@ +# b/308381451 +dontaudit hal_graphics_composer_default sysfs:file { read }; diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te index aef0929..3da4968 100644 --- a/tracking_denials/hal_health_default.te +++ b/tracking_denials/hal_health_default.te @@ -1,4 +1,7 @@ # b/307468788 userdebug_or_eng(` permissive hal_health_default; -') \ No newline at end of file +')# b/308380763 +dontaudit hal_health_default sysfs:file { getattr }; +dontaudit hal_health_default sysfs:file { open }; +dontaudit hal_health_default sysfs:file { read }; diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te new file mode 100644 index 0000000..db925a3 --- /dev/null +++ b/tracking_denials/hal_sensors_default.te @@ -0,0 +1,2 @@ +# b/308381687 +dontaudit hal_sensors_default sysfs_leds:file { write }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 8160c1f..3dda63e 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,4 +1,5 @@ # b/307468756 userdebug_or_eng(` permissive kernel; -') \ No newline at end of file +')# b/308381222 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/modem_ml_svc_sit.te b/tracking_denials/modem_ml_svc_sit.te new file mode 100644 index 0000000..f517366 --- /dev/null +++ b/tracking_denials/modem_ml_svc_sit.te @@ -0,0 +1,2 @@ +# b/308381747 +dontaudit modem_ml_svc_sit statsdw_socket:sock_file { write }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te new file mode 100644 index 0000000..fa7f82b --- /dev/null +++ b/tracking_denials/rebalance_interrupts_vendor.te @@ -0,0 +1,2 @@ +# b/308381263 +dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override }; diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te new file mode 100644 index 0000000..729e8b0 --- /dev/null +++ b/tracking_denials/shell.te @@ -0,0 +1,2 @@ +# b/308381279 +dontaudit shell sysfs:file { getattr }; diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te index dd6e930..837b5f8 100644 --- a/tracking_denials/system_server.te +++ b/tracking_denials/system_server.te @@ -1,4 +1,5 @@ # b/307468690 userdebug_or_eng(` permissive system_server; -') \ No newline at end of file +')# b/308381611 +dontaudit system_server vendor_public_lib_file:dir { search }; diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te new file mode 100644 index 0000000..006eb47 --- /dev/null +++ b/tracking_denials/system_suspend.te @@ -0,0 +1,16 @@ +# b/308381292 +dontaudit system_suspend_server sysfs:dir { open }; +dontaudit system_suspend_server sysfs:dir { read }; +dontaudit system_suspend_server sysfs:file { getattr }; +dontaudit system_suspend_server sysfs:file { open }; +dontaudit system_suspend_server sysfs:file { read }; +dontaudit system_suspend_server sysfs_batteryinfo:dir { open }; +dontaudit system_suspend_server sysfs_batteryinfo:dir { read }; +dontaudit system_suspend_server sysfs_batteryinfo:file { getattr }; +dontaudit system_suspend_server sysfs_batteryinfo:file { open }; +dontaudit system_suspend_server sysfs_batteryinfo:file { read }; +dontaudit system_suspend_server sysfs_wlc:dir { open }; +dontaudit system_suspend_server sysfs_wlc:dir { read }; +dontaudit system_suspend_server sysfs_wlc:file { getattr }; +dontaudit system_suspend_server sysfs_wlc:file { open }; +dontaudit system_suspend_server sysfs_wlc:file { read }; diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index b9967a6..f9f5389 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,4 +1,5 @@ # b/307468867 userdebug_or_eng(` permissive systemui_app; -') \ No newline at end of file +')# b/308381668 +dontaudit systemui_app statsmanager_service:service_manager { find }; diff --git a/tracking_denials/vendor_cccdktimesync_app.te b/tracking_denials/vendor_cccdktimesync_app.te new file mode 100644 index 0000000..885c6c6 --- /dev/null +++ b/tracking_denials/vendor_cccdktimesync_app.te @@ -0,0 +1,2 @@ +# b/308381394 +dontaudit vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager { find }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index 2ae4665..4f3bce5 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -1,4 +1,6 @@ # b/307468733 userdebug_or_eng(` permissive vendor_init; -') \ No newline at end of file +')# b/308381748 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init default_prop:property_service { set }; From 0bbc562d4140a3e53c5c614d35be9f985e2ad3c2 Mon Sep 17 00:00:00 2001 From: Sergiu Ferentz Date: Mon, 30 Oct 2023 11:07:10 +0000 Subject: [PATCH 072/321] Revert "Update error on ROM 11021299" This reverts commit 2ee5bdcc3410936a3a81cf59198fffb7462cf2ab. Reason for revert: Build breakage at: b/308395718 Change-Id: I43b2eafbdb398ce4b47ee1e5ebd86e5317916e58 --- tracking_denials/con_monitor_app.te | 6 +----- tracking_denials/dmd.te | 2 -- tracking_denials/gnss_check.te | 2 -- .../hal_graphics_composer_default.te | 2 -- tracking_denials/hal_health_default.te | 5 +---- tracking_denials/hal_sensors_default.te | 2 -- tracking_denials/kernel.te | 3 +-- tracking_denials/modem_ml_svc_sit.te | 2 -- tracking_denials/rebalance_interrupts_vendor.te | 2 -- tracking_denials/shell.te | 2 -- tracking_denials/system_server.te | 3 +-- tracking_denials/system_suspend.te | 16 ---------------- tracking_denials/systemui_app.te | 3 +-- tracking_denials/vendor_cccdktimesync_app.te | 2 -- tracking_denials/vendor_init.te | 4 +--- 15 files changed, 6 insertions(+), 50 deletions(-) delete mode 100644 tracking_denials/dmd.te delete mode 100644 tracking_denials/gnss_check.te delete mode 100644 tracking_denials/hal_graphics_composer_default.te delete mode 100644 tracking_denials/hal_sensors_default.te delete mode 100644 tracking_denials/modem_ml_svc_sit.te delete mode 100644 tracking_denials/rebalance_interrupts_vendor.te delete mode 100644 tracking_denials/shell.te delete mode 100644 tracking_denials/system_suspend.te delete mode 100644 tracking_denials/vendor_cccdktimesync_app.te diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te index ffd9bec..9075c28 100644 --- a/tracking_denials/con_monitor_app.te +++ b/tracking_denials/con_monitor_app.te @@ -1,8 +1,4 @@ # b/307468771 userdebug_or_eng(` permissive con_monitor_app; -')# b/308381432 -dontaudit con_monitor_app activity_service:service_manager { find }; -dontaudit con_monitor_app content_capture_service:service_manager { find }; -dontaudit con_monitor_app game_service:service_manager { find }; -dontaudit con_monitor_app netstats_service:service_manager { find }; +') \ No newline at end of file diff --git a/tracking_denials/dmd.te b/tracking_denials/dmd.te deleted file mode 100644 index ac62949..0000000 --- a/tracking_denials/dmd.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381409 -dontaudit dmd servicemanager:binder { call }; diff --git a/tracking_denials/gnss_check.te b/tracking_denials/gnss_check.te deleted file mode 100644 index 4db6b0d..0000000 --- a/tracking_denials/gnss_check.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381338 -dontaudit gnss_check property_socket:sock_file { write }; diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te deleted file mode 100644 index 6754f57..0000000 --- a/tracking_denials/hal_graphics_composer_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381451 -dontaudit hal_graphics_composer_default sysfs:file { read }; diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te index 3da4968..aef0929 100644 --- a/tracking_denials/hal_health_default.te +++ b/tracking_denials/hal_health_default.te @@ -1,7 +1,4 @@ # b/307468788 userdebug_or_eng(` permissive hal_health_default; -')# b/308380763 -dontaudit hal_health_default sysfs:file { getattr }; -dontaudit hal_health_default sysfs:file { open }; -dontaudit hal_health_default sysfs:file { read }; +') \ No newline at end of file diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te deleted file mode 100644 index db925a3..0000000 --- a/tracking_denials/hal_sensors_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381687 -dontaudit hal_sensors_default sysfs_leds:file { write }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 3dda63e..8160c1f 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,5 +1,4 @@ # b/307468756 userdebug_or_eng(` permissive kernel; -')# b/308381222 -dontaudit kernel kernel:capability { net_bind_service }; +') \ No newline at end of file diff --git a/tracking_denials/modem_ml_svc_sit.te b/tracking_denials/modem_ml_svc_sit.te deleted file mode 100644 index f517366..0000000 --- a/tracking_denials/modem_ml_svc_sit.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381747 -dontaudit modem_ml_svc_sit statsdw_socket:sock_file { write }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te deleted file mode 100644 index fa7f82b..0000000 --- a/tracking_denials/rebalance_interrupts_vendor.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381263 -dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override }; diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te deleted file mode 100644 index 729e8b0..0000000 --- a/tracking_denials/shell.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381279 -dontaudit shell sysfs:file { getattr }; diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te index 837b5f8..dd6e930 100644 --- a/tracking_denials/system_server.te +++ b/tracking_denials/system_server.te @@ -1,5 +1,4 @@ # b/307468690 userdebug_or_eng(` permissive system_server; -')# b/308381611 -dontaudit system_server vendor_public_lib_file:dir { search }; +') \ No newline at end of file diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te deleted file mode 100644 index 006eb47..0000000 --- a/tracking_denials/system_suspend.te +++ /dev/null @@ -1,16 +0,0 @@ -# b/308381292 -dontaudit system_suspend_server sysfs:dir { open }; -dontaudit system_suspend_server sysfs:dir { read }; -dontaudit system_suspend_server sysfs:file { getattr }; -dontaudit system_suspend_server sysfs:file { open }; -dontaudit system_suspend_server sysfs:file { read }; -dontaudit system_suspend_server sysfs_batteryinfo:dir { open }; -dontaudit system_suspend_server sysfs_batteryinfo:dir { read }; -dontaudit system_suspend_server sysfs_batteryinfo:file { getattr }; -dontaudit system_suspend_server sysfs_batteryinfo:file { open }; -dontaudit system_suspend_server sysfs_batteryinfo:file { read }; -dontaudit system_suspend_server sysfs_wlc:dir { open }; -dontaudit system_suspend_server sysfs_wlc:dir { read }; -dontaudit system_suspend_server sysfs_wlc:file { getattr }; -dontaudit system_suspend_server sysfs_wlc:file { open }; -dontaudit system_suspend_server sysfs_wlc:file { read }; diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index f9f5389..b9967a6 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,5 +1,4 @@ # b/307468867 userdebug_or_eng(` permissive systemui_app; -')# b/308381668 -dontaudit systemui_app statsmanager_service:service_manager { find }; +') \ No newline at end of file diff --git a/tracking_denials/vendor_cccdktimesync_app.te b/tracking_denials/vendor_cccdktimesync_app.te deleted file mode 100644 index 885c6c6..0000000 --- a/tracking_denials/vendor_cccdktimesync_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381394 -dontaudit vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager { find }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index 4f3bce5..2ae4665 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -1,6 +1,4 @@ # b/307468733 userdebug_or_eng(` permissive vendor_init; -')# b/308381748 -dontaudit vendor_init debugfs_trace_marker:file { getattr }; -dontaudit vendor_init default_prop:property_service { set }; +') \ No newline at end of file From 6191d7d37f3d239582c5b1a1b2e3d8bf9288fd28 Mon Sep 17 00:00:00 2001 From: Megha Patil Date: Fri, 27 Oct 2023 04:05:48 +0000 Subject: [PATCH 073/321] Sepolicy for the new property to switch Modem Binary Sepolicy Rules added for telephony.TnNtn.image_switch BUG: b/298322438 Test: Test Binding sequence of Service Change-Id: Ie79aff94159d79a573ec92546a5d3e390b802b22 --- radio/cbd.te | 1 + radio/vendor_init.te | 1 + system_ext/private/pixelntnservice_app.te | 5 +++++ system_ext/private/property_contexts | 1 + system_ext/private/seapp_contexts | 2 ++ system_ext/public/pixelntnservice_app.te | 1 + system_ext/public/property.te | 3 ++- 7 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 system_ext/private/pixelntnservice_app.te create mode 100644 system_ext/public/pixelntnservice_app.te diff --git a/radio/cbd.te b/radio/cbd.te index 6827772..9657084 100644 --- a/radio/cbd.te +++ b/radio/cbd.te @@ -5,6 +5,7 @@ init_daemon_domain(cbd) set_prop(cbd, vendor_modem_prop) set_prop(cbd, vendor_cbd_prop) set_prop(cbd, vendor_rild_prop) +get_prop(cbd, telephony_modem_prop) allow cbd mnt_vendor_file:dir r_dir_perms; diff --git a/radio/vendor_init.te b/radio/vendor_init.te index ed6f530..592f723 100644 --- a/radio/vendor_init.te +++ b/radio/vendor_init.te @@ -1,4 +1,5 @@ set_prop(vendor_init, vendor_cbd_prop) +get_prop(vendor_init, telephony_modem_prop) set_prop(vendor_init, vendor_carrier_prop) set_prop(vendor_init, vendor_modem_prop) set_prop(vendor_init, vendor_rild_prop) diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te new file mode 100644 index 0000000..8bf71cc --- /dev/null +++ b/system_ext/private/pixelntnservice_app.te @@ -0,0 +1,5 @@ +typeattribute pixelntnservice_app coredomain; + +app_domain(pixelntnservice_app); +allow pixelntnservice_app app_api_service:service_manager find; +set_prop(pixelntnservice_app, telephony_modem_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 2f40ca4..16594cb 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -1,2 +1,3 @@ # Telephony +telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool diff --git a/system_ext/private/seapp_contexts b/system_ext/private/seapp_contexts index 1e85b73..a379f67 100644 --- a/system_ext/private/seapp_contexts +++ b/system_ext/private/seapp_contexts @@ -4,3 +4,5 @@ user=_app seinfo=platform name=com.android.pixeldisplayservice domain=pixeldispl # SystemUI user=_app seinfo=platform name=com.android.systemui domain=systemui_app type=app_data_file levelFrom=all user=_app seinfo=platform name=com.android.systemui:* domain=systemui_app type=app_data_file levelFrom=all +# PixelNtnService +user=system seinfo=platform name=com.google.android.satellite domain=pixelntnservice_app type=app_data_file levelFrom=all diff --git a/system_ext/public/pixelntnservice_app.te b/system_ext/public/pixelntnservice_app.te new file mode 100644 index 0000000..10661b6 --- /dev/null +++ b/system_ext/public/pixelntnservice_app.te @@ -0,0 +1 @@ +type pixelntnservice_app, domain; diff --git a/system_ext/public/property.te b/system_ext/public/property.te index 8ad51ac..4dd97a5 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -1,6 +1,7 @@ # Telephony system_public_prop(telephony_ril_prop) +system_restricted_prop(telephony_modem_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) -') \ No newline at end of file +') From b750cf81795cf1c469a729e8b95c6a5f09d9b3f5 Mon Sep 17 00:00:00 2001 From: Sungwoo choi Date: Fri, 27 Oct 2023 11:37:29 +0900 Subject: [PATCH 074/321] sepolicy: define vendor_satellite_service domain vendor_satellite_service domain is for VendorSatelliteService. package: com.samsung.slsi.telephony.satelliteservice policy: vendor_satellite_service.te Bug: 303240366 Bug: 304696411 Test: make Change-Id: Ib7024d0397eda6d7f4e0809a1824dc550948207d Signed-off-by: Sungwoo choi --- radio/rild.te | 1 + radio/seapp_contexts | 2 ++ radio/vendor_satellite_service.te | 6 ++++++ 3 files changed, 9 insertions(+) create mode 100644 radio/vendor_satellite_service.te diff --git a/radio/rild.te b/radio/rild.te index 3a2bac7..0b197dc 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -30,6 +30,7 @@ binder_call(rild, grilservice_app) binder_call(rild, vendor_engineermode_app) binder_call(rild, vendor_telephony_debug_app) binder_call(rild, logger_app) +binder_call(rild, vendor_satellite_service) crash_dump_fallback(rild) diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 6d0de36..481aa84 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -32,3 +32,5 @@ user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engin # Domain for CatEngineService user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all +# Vendor Satellite Service +user=_app isPrivApp=true seinfo=platform name=com.samsung.slsi.telephony.satelliteservice domain=vendor_satellite_service levelFrom=all diff --git a/radio/vendor_satellite_service.te b/radio/vendor_satellite_service.te new file mode 100644 index 0000000..f6a1fa2 --- /dev/null +++ b/radio/vendor_satellite_service.te @@ -0,0 +1,6 @@ +type vendor_satellite_service, domain; + +app_domain(vendor_satellite_service); +allow vendor_satellite_service app_api_service:service_manager find; +allow vendor_satellite_service hal_exynos_rild_hwservice:hwservice_manager find; +binder_call(vendor_satellite_service, rild) \ No newline at end of file From eb67c49ec7ea518aff62a8b10ab72dc9af50afc3 Mon Sep 17 00:00:00 2001 From: samou Date: Tue, 31 Oct 2023 12:09:00 +0000 Subject: [PATCH 075/321] Update odpm scale value sepolicy Bug: 290149543 Change-Id: I9682a43e3ca1488ef732580fe395b34e32a902cc Signed-off-by: samou --- vendor/genfs_contexts | 50 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 15b9e34..c73793e 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -25,3 +25,53 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.au # GPU genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_current11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0 From eed49f4c465577868c004a3bba9c868fd9f77143 Mon Sep 17 00:00:00 2001 From: mikeyuewang Date: Wed, 27 Sep 2023 16:18:34 +0000 Subject: [PATCH 076/321] Add selinux policy change to allow MDS access Samsung OemRil hal. Bug: 301641283 selinux log: 11-03 15:32:38.850 2643 2643 I auditd : type=1400 audit(0.0:1616): avc: denied { call } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.850 2643 2643 I binder:2643_3: type=1400 audit(0.0:1616): avc: denied { call } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 2643 2643 I auditd : type=1400 audit(0.0:1617): avc: denied { transfer } for comm="binder:2643_3" scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 2643 2643 I binder:2643_3: type=1400 audit(0.0:1617): avc: denied { transfer } for scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:r:rild:s0 tclass=binder permissive=1 app=com.google.mds 11-03 15:32:38.854 1095 1095 I auditd : type=1400 audit(0.0:1618): avc: denied { call } for comm="HwBinder:1095_1" scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1 11-03 15:32:38.854 1095 1095 I HwBinder:1095_1: type=1400 audit(0.0:1618): avc: denied { call } for scontext=u:r:rild:s0 tcontext=u:r:modem_diagnostic_app:s0:c512,c768 tclass=binder permissive=1 Change-Id: Ia71844db230302fd3120b28b3ade2e55443ec078 --- radio/modem_diagnostic_app.te | 3 +++ radio/rild.te | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index b5cce03..b21b792 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -9,6 +9,9 @@ allow modem_diagnostic_app radio_service:service_manager find; userdebug_or_eng(` hal_client_domain(modem_diagnostic_app, hal_power_stats); + allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find; + binder_call(modem_diagnostic_app, rild) + binder_call(modem_diagnostic_app, dmd) set_prop(modem_diagnostic_app, vendor_cbd_prop) diff --git a/radio/rild.te b/radio/rild.te index 3a2bac7..2c272a5 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -40,3 +40,7 @@ add_hwservice(rild, hal_exynos_rild_hwservice) allow rild modem_img_file:dir r_dir_perms; allow rild modem_img_file:file r_file_perms; allow rild modem_img_file:lnk_file r_file_perms; + +userdebug_or_eng(` + binder_call(rild, modem_diagnostic_app) +') From dd2b21c59b3793e0f159cfb3f1c5316d8d6e91a0 Mon Sep 17 00:00:00 2001 From: samou Date: Thu, 2 Nov 2023 09:49:37 +0000 Subject: [PATCH 077/321] Allow dump_power to create thismeal.txt by executing battery_mitigation Bug: 293899466 Change-Id: I648bd54c7ff0909afaddda45a2f091500ab9227e Signed-off-by: samou --- vendor/dump_power.te | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/vendor/dump_power.te b/vendor/dump_power.te index 4b112ba..7c836ea 100644 --- a/vendor/dump_power.te +++ b/vendor/dump_power.te @@ -14,13 +14,15 @@ allow dump_power sysfs_batteryinfo:file r_file_perms; allow dump_power sysfs_wlc:dir search; allow dump_power sysfs_wlc:file r_file_perms; allow dump_power sysfs_power_dump:file r_file_perms; -allow dump_power mitigation_vendor_data_file:dir r_dir_perms; -allow dump_power mitigation_vendor_data_file:file rw_file_perms; +allow dump_power mitigation_vendor_data_file:dir rw_dir_perms; +allow dump_power mitigation_vendor_data_file:file create_file_perms; allow dump_power mnt_vendor_file:dir search; allow dump_power persist_file:dir search; allow dump_power persist_battery_file:dir r_dir_perms; allow dump_power persist_battery_file:file r_file_perms; allow dump_power vendor_shell_exec:file execute_no_trans; +allow dump_power battery_mitigation_exec:file execute_no_trans; +allow dump_power sysfs_iio_devices:dir search; userdebug_or_eng(` allow dump_power debugfs:dir r_dir_perms; From 94b82378b6bbf53b3b3ec3409d70731a0de14a59 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 30 Oct 2023 11:23:26 +0000 Subject: [PATCH 078/321] Update error on ROM 11021299 Bug: 308380763 Bug: 308381394 Bug: 308381432 Bug: 308381409 Bug: 308381338 Bug: 308381747 Bug: 308381292 Bug: 308381668 Bug: 308381451 Bug: 308381687 Bug: 308381222 Bug: 308381263 Bug: 308381279 Bug: 308381611 Bug: 308381748 Test: SELinuxUncheckedDenialBootTest Change-Id: If24f3fcb5a1830ef834119d05e49f23193ae132e --- private/systemui_app.te | 3 +++ tracking_denials/con_monitor_app.te | 6 +++++- tracking_denials/dmd.te | 2 ++ .../hal_graphics_composer_default.te | 2 ++ tracking_denials/hal_health_default.te | 5 ++++- tracking_denials/hal_sensors_default.te | 2 ++ tracking_denials/kernel.te | 3 ++- tracking_denials/modem_ml_svc_sit.te | 2 ++ tracking_denials/rebalance_interrupts_vendor.te | 2 ++ tracking_denials/shell.te | 2 ++ tracking_denials/system_server.te | 3 ++- tracking_denials/system_suspend.te | 16 ++++++++++++++++ tracking_denials/systemui_app.te | 2 +- tracking_denials/vendor_cccdktimesync_app.te | 2 ++ tracking_denials/vendor_init.te | 4 +++- 15 files changed, 50 insertions(+), 6 deletions(-) create mode 100644 private/systemui_app.te create mode 100644 tracking_denials/dmd.te create mode 100644 tracking_denials/hal_graphics_composer_default.te create mode 100644 tracking_denials/hal_sensors_default.te create mode 100644 tracking_denials/modem_ml_svc_sit.te create mode 100644 tracking_denials/rebalance_interrupts_vendor.te create mode 100644 tracking_denials/shell.te create mode 100644 tracking_denials/system_suspend.te create mode 100644 tracking_denials/vendor_cccdktimesync_app.te diff --git a/private/systemui_app.te b/private/systemui_app.te new file mode 100644 index 0000000..cfd0862 --- /dev/null +++ b/private/systemui_app.te @@ -0,0 +1,3 @@ +# b/308381668 +dontaudit systemui_app statsmanager_service:service_manager { find }; + diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te index 9075c28..ffd9bec 100644 --- a/tracking_denials/con_monitor_app.te +++ b/tracking_denials/con_monitor_app.te @@ -1,4 +1,8 @@ # b/307468771 userdebug_or_eng(` permissive con_monitor_app; -') \ No newline at end of file +')# b/308381432 +dontaudit con_monitor_app activity_service:service_manager { find }; +dontaudit con_monitor_app content_capture_service:service_manager { find }; +dontaudit con_monitor_app game_service:service_manager { find }; +dontaudit con_monitor_app netstats_service:service_manager { find }; diff --git a/tracking_denials/dmd.te b/tracking_denials/dmd.te new file mode 100644 index 0000000..ac62949 --- /dev/null +++ b/tracking_denials/dmd.te @@ -0,0 +1,2 @@ +# b/308381409 +dontaudit dmd servicemanager:binder { call }; diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te new file mode 100644 index 0000000..6754f57 --- /dev/null +++ b/tracking_denials/hal_graphics_composer_default.te @@ -0,0 +1,2 @@ +# b/308381451 +dontaudit hal_graphics_composer_default sysfs:file { read }; diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te index aef0929..3da4968 100644 --- a/tracking_denials/hal_health_default.te +++ b/tracking_denials/hal_health_default.te @@ -1,4 +1,7 @@ # b/307468788 userdebug_or_eng(` permissive hal_health_default; -') \ No newline at end of file +')# b/308380763 +dontaudit hal_health_default sysfs:file { getattr }; +dontaudit hal_health_default sysfs:file { open }; +dontaudit hal_health_default sysfs:file { read }; diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te new file mode 100644 index 0000000..db925a3 --- /dev/null +++ b/tracking_denials/hal_sensors_default.te @@ -0,0 +1,2 @@ +# b/308381687 +dontaudit hal_sensors_default sysfs_leds:file { write }; diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 8160c1f..3dda63e 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,4 +1,5 @@ # b/307468756 userdebug_or_eng(` permissive kernel; -') \ No newline at end of file +')# b/308381222 +dontaudit kernel kernel:capability { net_bind_service }; diff --git a/tracking_denials/modem_ml_svc_sit.te b/tracking_denials/modem_ml_svc_sit.te new file mode 100644 index 0000000..f517366 --- /dev/null +++ b/tracking_denials/modem_ml_svc_sit.te @@ -0,0 +1,2 @@ +# b/308381747 +dontaudit modem_ml_svc_sit statsdw_socket:sock_file { write }; diff --git a/tracking_denials/rebalance_interrupts_vendor.te b/tracking_denials/rebalance_interrupts_vendor.te new file mode 100644 index 0000000..fa7f82b --- /dev/null +++ b/tracking_denials/rebalance_interrupts_vendor.te @@ -0,0 +1,2 @@ +# b/308381263 +dontaudit rebalance_interrupts_vendor rebalance_interrupts_vendor:capability { dac_override }; diff --git a/tracking_denials/shell.te b/tracking_denials/shell.te new file mode 100644 index 0000000..729e8b0 --- /dev/null +++ b/tracking_denials/shell.te @@ -0,0 +1,2 @@ +# b/308381279 +dontaudit shell sysfs:file { getattr }; diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te index dd6e930..837b5f8 100644 --- a/tracking_denials/system_server.te +++ b/tracking_denials/system_server.te @@ -1,4 +1,5 @@ # b/307468690 userdebug_or_eng(` permissive system_server; -') \ No newline at end of file +')# b/308381611 +dontaudit system_server vendor_public_lib_file:dir { search }; diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te new file mode 100644 index 0000000..006eb47 --- /dev/null +++ b/tracking_denials/system_suspend.te @@ -0,0 +1,16 @@ +# b/308381292 +dontaudit system_suspend_server sysfs:dir { open }; +dontaudit system_suspend_server sysfs:dir { read }; +dontaudit system_suspend_server sysfs:file { getattr }; +dontaudit system_suspend_server sysfs:file { open }; +dontaudit system_suspend_server sysfs:file { read }; +dontaudit system_suspend_server sysfs_batteryinfo:dir { open }; +dontaudit system_suspend_server sysfs_batteryinfo:dir { read }; +dontaudit system_suspend_server sysfs_batteryinfo:file { getattr }; +dontaudit system_suspend_server sysfs_batteryinfo:file { open }; +dontaudit system_suspend_server sysfs_batteryinfo:file { read }; +dontaudit system_suspend_server sysfs_wlc:dir { open }; +dontaudit system_suspend_server sysfs_wlc:dir { read }; +dontaudit system_suspend_server sysfs_wlc:file { getattr }; +dontaudit system_suspend_server sysfs_wlc:file { open }; +dontaudit system_suspend_server sysfs_wlc:file { read }; diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te index b9967a6..9b32ff4 100644 --- a/tracking_denials/systemui_app.te +++ b/tracking_denials/systemui_app.te @@ -1,4 +1,4 @@ # b/307468867 userdebug_or_eng(` permissive systemui_app; -') \ No newline at end of file +') diff --git a/tracking_denials/vendor_cccdktimesync_app.te b/tracking_denials/vendor_cccdktimesync_app.te new file mode 100644 index 0000000..885c6c6 --- /dev/null +++ b/tracking_denials/vendor_cccdktimesync_app.te @@ -0,0 +1,2 @@ +# b/308381394 +dontaudit vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager { find }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index 2ae4665..4f3bce5 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -1,4 +1,6 @@ # b/307468733 userdebug_or_eng(` permissive vendor_init; -') \ No newline at end of file +')# b/308381748 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init default_prop:property_service { set }; From 956c64326757b0feefcc715ba52a91088e660f75 Mon Sep 17 00:00:00 2001 From: Tai Kuo Date: Mon, 6 Nov 2023 17:54:47 +0800 Subject: [PATCH 079/321] Remove unused CS40L26 I2C paths Bug: 285343932 Bug: 307468462 Test: No AVC denials. Change-Id: Id25e88e536500b9c205acf87900b597d611a9b63 --- legacy/whitechapel_pro/genfs_contexts | 6 ------ tracking_denials/hal_vibrator_default.te | 4 ---- 2 files changed, 10 deletions(-) delete mode 100644 tracking_denials/hal_vibrator_default.te diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts index 34f9ee4..22e5325 100644 --- a/legacy/whitechapel_pro/genfs_contexts +++ b/legacy/whitechapel_pro/genfs_contexts @@ -30,12 +30,6 @@ genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0 -# Haptics -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-5/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-6/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 -genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-cs40l26a u:object_r:sysfs_vibrator:s0 - # Thermal genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0 diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te deleted file mode 100644 index 6cce477..0000000 --- a/tracking_denials/hal_vibrator_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468462 -userdebug_or_eng(` - permissive hal_vibrator_default; -') \ No newline at end of file From 873751ee6085a35345295ff0f50054ece37848f1 Mon Sep 17 00:00:00 2001 From: Weizhung Ding Date: Mon, 6 Nov 2023 13:54:41 +0000 Subject: [PATCH 080/321] sync legacy sysfs_display permission Test: build Bug: 308381451 Change-Id: I470500ec44b08bcb2c106d27100bef0a9e301742 --- legacy/zuma/vendor/genfs_contexts | 3 +++ tracking_denials/hal_graphics_composer_default.te | 2 -- 2 files changed, 3 insertions(+), 2 deletions(-) delete mode 100644 tracking_denials/hal_graphics_composer_default.te diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts index 3f0a3ad..a9f67d5 100644 --- a/legacy/zuma/vendor/genfs_contexts +++ b/legacy/zuma/vendor/genfs_contexts @@ -81,6 +81,9 @@ genfscon sysfs /devices/platform/19470000.drmdecon/hibernation genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te deleted file mode 100644 index 6754f57..0000000 --- a/tracking_denials/hal_graphics_composer_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381451 -dontaudit hal_graphics_composer_default sysfs:file { read }; From e759711bf5945df1c6d72bc6a8d27aa71eb51774 Mon Sep 17 00:00:00 2001 From: Rick Chen Date: Fri, 3 Nov 2023 20:10:49 +0800 Subject: [PATCH 081/321] sensors: Move USF related sepolicy to gs-common. Bug: 305120274 Test: Compile pass. Change-Id: Id2d47bcf49d21bc7144145d07fd54bddf3e9033c Signed-off-by: Rick Chen --- legacy/whitechapel_pro/file.te | 1 - legacy/whitechapel_pro/file_contexts | 4 -- legacy/whitechapel_pro/te_macros | 14 ------ legacy/zuma/vendor/file.te | 2 - legacy/zuma/vendor/hal_sensors_default.te | 60 ++++++----------------- 5 files changed, 14 insertions(+), 67 deletions(-) delete mode 100644 legacy/whitechapel_pro/te_macros diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te index db0b31f..786e5f4 100644 --- a/legacy/whitechapel_pro/file.te +++ b/legacy/whitechapel_pro/file.te @@ -3,7 +3,6 @@ type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; -type sensor_debug_data_file, file_type, data_file_type; # sysfs type bootdevice_sysdev, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index 50db736..8da8ce1 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -40,12 +40,8 @@ /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 -/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 -# Persist -/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 - # Raw HID device /dev/hidraw[0-9]* u:object_r:hidraw_device:s0 diff --git a/legacy/whitechapel_pro/te_macros b/legacy/whitechapel_pro/te_macros deleted file mode 100644 index 01ac13c..0000000 --- a/legacy/whitechapel_pro/te_macros +++ /dev/null @@ -1,14 +0,0 @@ -# -# USF SELinux type enforcement macros. -# - -# -# usf_low_latency_transport(domain) -# -# Allows domain use of the USF low latency transport. -# -define(`usf_low_latency_transport', ` - allow $1 hal_graphics_mapper_hwservice:hwservice_manager find; - hal_client_domain($1, hal_graphics_allocator) -') - diff --git a/legacy/zuma/vendor/file.te b/legacy/zuma/vendor/file.te index 4c01d25..87308f3 100644 --- a/legacy/zuma/vendor/file.te +++ b/legacy/zuma/vendor/file.te @@ -2,7 +2,6 @@ type persist_display_file, file_type, vendor_persist_type; type persist_battery_file, file_type, vendor_persist_type; type persist_camera_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; type persist_fingerprint_file, file_type, vendor_persist_type; #sysfs @@ -35,7 +34,6 @@ type chre_socket, file_type; type vendor_bt_data_file, file_type, data_file_type; # Data -type sensor_reg_data_file, file_type, data_file_type; type chre_data_file, file_type, data_file_type; type vendor_fingerprint_data_file, file_type, data_file_type; diff --git a/legacy/zuma/vendor/hal_sensors_default.te b/legacy/zuma/vendor/hal_sensors_default.te index b9f6a72..7267dd3 100644 --- a/legacy/zuma/vendor/hal_sensors_default.te +++ b/legacy/zuma/vendor/hal_sensors_default.te @@ -1,58 +1,26 @@ -# Allow access to the AoC communication driver. -allow hal_sensors_default aoc_device:chr_file rw_file_perms; - -# Allow create thread to watch AOC's device. -allow hal_sensors_default device:dir r_dir_perms; - -# Allow access to CHRE socket to connect to nanoapps. -allow hal_sensors_default chre:unix_stream_socket connectto; -allow hal_sensors_default chre_socket:sock_file write; - -# Allow SensorSuez to connect AIDL stats. -allow hal_sensors_default fwk_stats_service:service_manager find; - -# Allow sensor HAL to access the graphics composer. -binder_call(hal_sensors_default, hal_graphics_composer_default); - -# Allow sensor HAL to access the display service HAL -allow hal_sensors_default hal_pixel_display_service:service_manager find; - -# Allow reading of sensor registry persist files and camera persist files. -allow hal_sensors_default mnt_vendor_file:dir search; -allow hal_sensors_default persist_file:dir search; -allow hal_sensors_default persist_file:file r_file_perms; -allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms; -allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; +# Allow reading of camera persist files. r_dir_file(hal_sensors_default, persist_camera_file) -# Allow creation and writing of sensor registry data files. -allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; -allow hal_sensors_default sensor_reg_data_file:file create_file_perms; +# Allow access to the files of CDT information. +r_dir_file(hal_sensors_default, sysfs_chosen) -# Allow access to the sysfs_aoc. -allow hal_sensors_default sysfs_aoc:dir search; -allow hal_sensors_default sysfs_aoc:file r_file_perms; - -# Allow access to the AoC clock and kernel boot time sys FS node. This is needed -# to synchronize the AP and AoC clock timestamps. -allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms; +# Allow sensor HAL to access the thermal service HAL +hal_client_domain(hal_sensors_default, hal_thermal); # Allow display_info_service access to the backlight driver. allow hal_sensors_default sysfs_write_leds:file rw_file_perms; -# Allow access to sensor service for sensor_listener. -binder_call(hal_sensors_default, system_server); - # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) -# Allow access to the display info for ALS. -allow hal_sensors_default sysfs_display:file rw_file_perms; +# Allow access to raw HID devices for dynamic sensors. +allow hal_sensors_default hidraw_device:chr_file rw_file_perms; -# Allow access to the files of CDT information. -allow hal_sensors_default sysfs_chosen:dir search; -allow hal_sensors_default sysfs_chosen:file r_file_perms; +# Allow sensor HAL to access the display service HAL +allow hal_sensors_default hal_pixel_display_service:service_manager find; -# Allow display_info_service access to the backlight driver. -allow hal_sensors_default sysfs_leds:dir search; -allow hal_sensors_default sysfs_leds:file r_file_perms; +# Allow sensor HAL to access the graphics composer. +binder_call(hal_sensors_default, hal_graphics_composer_default) + +# Allow access to the power supply files for MagCC. +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; From c56335f89d1c6df0aab8ee59be349753b913d803 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 7 Nov 2023 11:36:45 +0800 Subject: [PATCH 082/321] Update error on ROM 11060498 Bug: 309551158 Bug: 309551159 Bug: 309550514 Bug: 309550905 Bug: 309551062 Test: SELinuxUncheckedDenialBootTest Change-Id: Ic8d05cea6a18c240f9fcf801ceaeabe3f51ae03c --- tracking_denials/bug_map | 6 ++++++ tracking_denials/hal_gnss_default.te | 3 +++ tracking_denials/platform_app.te | 2 ++ 3 files changed, 11 insertions(+) create mode 100644 tracking_denials/hal_gnss_default.te create mode 100644 tracking_denials/platform_app.te diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 616e642..814f63e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -40,3 +40,9 @@ vendor_init tee_data_file lnk_file b/272166664 vendor_init vendor_camera_prop property_service b/267714573 vendor_init vendor_camera_prop property_service b/268566481 vendor_init vendor_camera_prop property_service b/273143844 +sctd sctd tcp_socket b/309550514 +sctd swcnd unix_stream_socket b/309550514 +sctd vendor_persist_config_default_prop file b/309550514 +spad spad unix_stream_socket b/309550905 +swcnd swcnd unix_stream_socket b/309551062 + diff --git a/tracking_denials/hal_gnss_default.te b/tracking_denials/hal_gnss_default.te new file mode 100644 index 0000000..76bc5e9 --- /dev/null +++ b/tracking_denials/hal_gnss_default.te @@ -0,0 +1,3 @@ +# b/309551158 +dontaudit hal_gnss_default fwk_sensor_service:service_manager { find }; +dontaudit hal_gnss_default vendor_gps_prop:file { read }; diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te new file mode 100644 index 0000000..c7f81c7 --- /dev/null +++ b/tracking_denials/platform_app.te @@ -0,0 +1,2 @@ +# b/309551159 +dontaudit platform_app radio_vendor_data_file:dir { search }; From 59b9e9ce4e557bc23699fcaadf9021dc7074626c Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Wed, 8 Nov 2023 00:04:44 +0800 Subject: [PATCH 083/321] sepolicy: remove tracking_denials/hal_health_default.te local check there is no hal_health_default related sepolicy error log, remove related .te file. Bug: 307468788 Change-Id: I8c12a2fb76241f9c9f096dddbf3a81f5f041359b Signed-off-by: Jenny Ho --- tracking_denials/hal_health_default.te | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 tracking_denials/hal_health_default.te diff --git a/tracking_denials/hal_health_default.te b/tracking_denials/hal_health_default.te deleted file mode 100644 index 3da4968..0000000 --- a/tracking_denials/hal_health_default.te +++ /dev/null @@ -1,7 +0,0 @@ -# b/307468788 -userdebug_or_eng(` - permissive hal_health_default; -')# b/308380763 -dontaudit hal_health_default sysfs:file { getattr }; -dontaudit hal_health_default sysfs:file { open }; -dontaudit hal_health_default sysfs:file { read }; From 5d3838f1eb88bb8aaeae640135682fc099e793d3 Mon Sep 17 00:00:00 2001 From: Mike Wang Date: Wed, 8 Nov 2023 05:19:22 +0000 Subject: [PATCH 084/321] Change the MDS to platform app in selinux ap context. The MDS will be signed with platform key and become a platform app. To make the selinux rules for modem_diagnostic_app work, need to set it to platform app in app context. Bug: 287683516 Test: Tested with both dev key or platform key signed MDS apps and the selinux rules works. Change-Id: I19cce0963d85fd156e54f3c530431e1d465054b3 --- radio/seapp_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 6d0de36..9caa394 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -6,6 +6,7 @@ user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type= # Modem Diagnostic System user=_app isPrivApp=true seinfo=mds name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user +user=_app isPrivApp=true seinfo=platform name=com.google.mds domain=modem_diagnostic_app type=app_data_file levelFrom=user # grilservice user=_app isPrivApp=true name=com.google.android.grilservice domain=grilservice_app levelFrom=all From c67fe4c115762696423042c790a222395c5a15a8 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 8 Nov 2023 16:06:29 +0800 Subject: [PATCH 085/321] Update error on ROM 11063387 Bug: 309732305 Test: SELinuxUncheckedDenialBootTest Change-Id: Ie6ba6830346630f851bc2db7b5965686e865edb5 --- tracking_denials/con_monitor_app.te | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te index ffd9bec..cd49788 100644 --- a/tracking_denials/con_monitor_app.te +++ b/tracking_denials/con_monitor_app.te @@ -6,3 +6,9 @@ dontaudit con_monitor_app activity_service:service_manager { find }; dontaudit con_monitor_app content_capture_service:service_manager { find }; dontaudit con_monitor_app game_service:service_manager { find }; dontaudit con_monitor_app netstats_service:service_manager { find }; +# b/309732305 +dontaudit con_monitor_app batterystats_service:service_manager { find }; +dontaudit con_monitor_app init:unix_stream_socket { connectto }; +dontaudit con_monitor_app property_socket:sock_file { write }; +dontaudit con_monitor_app radio_prop:property_service { set }; +dontaudit con_monitor_app virtual_device_service:service_manager { find }; From 46d2ea414e2a4240935ddb6cab6a3ae23f265dd5 Mon Sep 17 00:00:00 2001 From: Alec Foster Date: Fri, 10 Nov 2023 00:26:18 +0000 Subject: [PATCH 086/321] Add IQfpExtendedFingerprint to service_contexts. Bug: 309966766 Bug: 309015469 Test: Fingerprint enroll successfully starts. Test: adb logcat -b events -e avc -d | grep -iE "qfp" Change-Id: Ie8f1c55057f8e32bae4db8b5ff22986f77c95dcf --- vendor/service_contexts | 1 + 1 file changed, 1 insertion(+) create mode 100644 vendor/service_contexts diff --git a/vendor/service_contexts b/vendor/service_contexts new file mode 100644 index 0000000..ff110d6 --- /dev/null +++ b/vendor/service_contexts @@ -0,0 +1 @@ +vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal_fingerprint_service:s0 From f6ee9c4b50f8709e4c1c7e5ef82d93a88a57e460 Mon Sep 17 00:00:00 2001 From: Daniel Norman Date: Fri, 10 Nov 2023 22:43:40 +0000 Subject: [PATCH 087/321] Removes duplicate hidraw_device type definition. This type is now defined by the platform. Bug: 303522222 Change-Id: I1a53405c7b6f12d6318a7808fa2cb61e02696cba Test: ls -z /dev/hidraw0 --- legacy/whitechapel_pro/device.te | 3 --- legacy/whitechapel_pro/file_contexts | 3 --- 2 files changed, 6 deletions(-) diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index bf6f21c..7d31940 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -2,6 +2,3 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index 8da8ce1..184c997 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -42,6 +42,3 @@ /data/per_boot(/.*)? u:object_r:per_boot_file:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 From 6b3841bea395706870887f5bd6712fbb480a1b31 Mon Sep 17 00:00:00 2001 From: Avinash Malipatil Date: Tue, 14 Nov 2023 15:55:17 +0000 Subject: [PATCH 088/321] SEPolicy change to allow ImsMedia to set priority of audio threads. Setting real-time thread priority for audio threads is a must to handle voice stream during vowifi calls. AVC Error: auditd : avc: denied { find } for pid=9346 uid=1001 name=scheduling_policy scontext=u:r:radio:s0 tcontext=u:object_r:scheduling_policy_service:s0 tclass=service_manager permissive=0 Bug: 309727903 Bug: 308517246 Test: adb shell 'ps -Tl -p ' Change-Id: Ib37aa1018ee63433ad878d1319a0c8158754befd --- radio/radio.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/radio.te b/radio/radio.te index 221c812..00a5009 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -6,3 +6,4 @@ allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; allow radio aoc_device:chr_file rw_file_perms; allow radio hal_audio_ext_hwservice:hwservice_manager find; binder_call(radio, hal_audio_default) +allow radio scheduling_policy_service:service_manager find; From 48735bb4784918ca532e92d92424935c52202d2d Mon Sep 17 00:00:00 2001 From: Megha Patil Date: Wed, 15 Nov 2023 05:50:05 +0000 Subject: [PATCH 089/321] Add a new property to track the current Binary new propert to mirror the current binary Bug: b/311102904 Test: Test the Enable Satellite Api Change-Id: I0e207e8e9c48b0b081fb76a252649e7e0dc07210 --- radio/cbd.te | 1 + radio/radio.te | 1 + radio/rild.te | 1 + radio/vendor_init.te | 1 + system_ext/private/pixelntnservice_app.te | 1 + system_ext/private/property_contexts | 1 + system_ext/public/property.te | 1 + 7 files changed, 7 insertions(+) diff --git a/radio/cbd.te b/radio/cbd.te index 9657084..ae5af2a 100644 --- a/radio/cbd.te +++ b/radio/cbd.te @@ -6,6 +6,7 @@ set_prop(cbd, vendor_modem_prop) set_prop(cbd, vendor_cbd_prop) set_prop(cbd, vendor_rild_prop) get_prop(cbd, telephony_modem_prop) +set_prop(cbd, telephony_modemtype_prop) allow cbd mnt_vendor_file:dir r_dir_perms; diff --git a/radio/radio.te b/radio/radio.te index 221c812..91ad8dc 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,4 +1,5 @@ set_prop(radio, telephony_ril_prop) +set_prop(radio, telephony_modemtype_prop) allow radio radio_vendor_data_file:dir rw_dir_perms; allow radio radio_vendor_data_file:file create_file_perms; diff --git a/radio/rild.te b/radio/rild.te index 2c272a5..b155036 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -7,6 +7,7 @@ get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) set_prop(rild, telephony_ril_prop) +set_prop(radio, telephony_modemtype_prop) allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; diff --git a/radio/vendor_init.te b/radio/vendor_init.te index 592f723..7d6d39d 100644 --- a/radio/vendor_init.te +++ b/radio/vendor_init.te @@ -1,5 +1,6 @@ set_prop(vendor_init, vendor_cbd_prop) get_prop(vendor_init, telephony_modem_prop) +set_prop(vendor_init, telephony_modemtype_prop) set_prop(vendor_init, vendor_carrier_prop) set_prop(vendor_init, vendor_modem_prop) set_prop(vendor_init, vendor_rild_prop) diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te index 8bf71cc..231877b 100644 --- a/system_ext/private/pixelntnservice_app.te +++ b/system_ext/private/pixelntnservice_app.te @@ -3,3 +3,4 @@ typeattribute pixelntnservice_app coredomain; app_domain(pixelntnservice_app); allow pixelntnservice_app app_api_service:service_manager find; set_prop(pixelntnservice_app, telephony_modem_prop) +get_prop(pixelntnservice_app, telephony_modemtype_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 16594cb..b88ac5a 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -1,3 +1,4 @@ # Telephony telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn +telephony.ril.modem_bin_status u:object_r:telephony_modemtype_prop:s0 exact uint telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool diff --git a/system_ext/public/property.te b/system_ext/public/property.te index 4dd97a5..8e5eb71 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -1,6 +1,7 @@ # Telephony system_public_prop(telephony_ril_prop) system_restricted_prop(telephony_modem_prop) +system_public_prop(telephony_modemtype_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) From 453f8f58ff2ce80a75a140fdd07bd7e9eff2c78d Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Mon, 6 Nov 2023 12:48:55 +0000 Subject: [PATCH 090/321] sepolicy: remove tracking_denials/hal_wireless_charger.te Bug: 307468561 Test: Build/Flash Change-Id: I36c20bc37329d33fa79dfe35434b773afc4b2324 Signed-off-by: YiKai Peng --- tracking_denials/hal_wireless_charger.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/hal_wireless_charger.te diff --git a/tracking_denials/hal_wireless_charger.te b/tracking_denials/hal_wireless_charger.te deleted file mode 100644 index ed89d0c..0000000 --- a/tracking_denials/hal_wireless_charger.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468561 -userdebug_or_eng(` - permissive hal_wireless_charger; -') \ No newline at end of file From 84ef937a191c36e3ea44c8b876ae084731374e67 Mon Sep 17 00:00:00 2001 From: Chien Kun Niu Date: Tue, 14 Nov 2023 16:17:06 +0800 Subject: [PATCH 091/321] hal_usb_impl: Move hal_usb_impl and hal_usb_gadget_impl to vendor Move hal_usb_impl and hal_usb_gadget_impl to right space Bug: 310816620 Change-Id: I04d3710dd7f4e52b204f537de73d18a1351a6836 Signed-off-by: Chien Kun Niu --- legacy/zuma/vendor/file.te | 1 - legacy/zuma/vendor/file_contexts | 4 ---- legacy/zuma/vendor/genfs_contexts | 7 ------- legacy/zuma/vendor/property.te | 3 --- legacy/zuma/vendor/property_contexts | 4 ---- legacy/zuma/vendor/vendor_init.te | 3 --- vendor/file.te | 1 + vendor/file_contexts | 4 ++++ vendor/genfs_contexts | 7 +++++++ {legacy/zuma/vendor => vendor}/hal_usb_gadget_impl.te | 0 {legacy/zuma/vendor => vendor}/hal_usb_impl.te | 0 vendor/property.te | 3 +++ vendor/property_contexts | 4 ++++ vendor/vendor_init.te | 2 ++ 14 files changed, 21 insertions(+), 22 deletions(-) rename {legacy/zuma/vendor => vendor}/hal_usb_gadget_impl.te (100%) rename {legacy/zuma/vendor => vendor}/hal_usb_impl.te (100%) create mode 100644 vendor/property.te create mode 100644 vendor/property_contexts create mode 100644 vendor/vendor_init.te diff --git a/legacy/zuma/vendor/file.te b/legacy/zuma/vendor/file.te index 87308f3..ad6451b 100644 --- a/legacy/zuma/vendor/file.te +++ b/legacy/zuma/vendor/file.te @@ -21,7 +21,6 @@ type vendor_charger_debugfs, fs_type, debugfs_type; type vendor_votable_debugfs, fs_type, debugfs_type; type vendor_battery_debugfs, fs_type, debugfs_type; type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_usb_debugfs, fs_type, debugfs_type; type vendor_maxfg_debugfs, fs_type, debugfs_type; # WLC diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts index 7aba188..7980516 100644 --- a/legacy/zuma/vendor/file_contexts +++ b/legacy/zuma/vendor/file_contexts @@ -3,8 +3,6 @@ /vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 -/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 @@ -85,8 +83,6 @@ /dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 /dev/gxp u:object_r:gxp_device:s0 /dev/mali0 u:object_r:gpu_device:s0 -/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 /dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 /dev/logbuffer_wireless u:object_r:logbuffer_device:s0 /dev/logbuffer_ttf u:object_r:logbuffer_device:s0 diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts index a9f67d5..00fe279 100644 --- a/legacy/zuma/vendor/genfs_contexts +++ b/legacy/zuma/vendor/genfs_contexts @@ -29,7 +29,6 @@ genfscon debugfs /max77779_pmic u:object genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 @@ -137,7 +136,6 @@ genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average # Battery genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -153,7 +151,6 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -175,7 +172,6 @@ genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/pow genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup u:object_r:sysfs_wakeup:s0 @@ -187,17 +183,14 @@ genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/p genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/legacy/zuma/vendor/property.te b/legacy/zuma/vendor/property.te index 8ef51a8..90efd65 100644 --- a/legacy/zuma/vendor/property.te +++ b/legacy/zuma/vendor/property.te @@ -5,9 +5,6 @@ vendor_internal_prop(vendor_fingerprint_prop) vendor_internal_prop(vendor_battery_defender_prop) vendor_internal_prop(vendor_shutdown_prop) -# USB -vendor_internal_prop(vendor_usb_config_prop) - # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) diff --git a/legacy/zuma/vendor/property_contexts b/legacy/zuma/vendor/property_contexts index e27170d..f8d3e80 100644 --- a/legacy/zuma/vendor/property_contexts +++ b/legacy/zuma/vendor/property_contexts @@ -12,10 +12,6 @@ persist.vendor.qfp. u:object_r:vendor_fingerprint_prop:s0 vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 -# USB -persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0 -vendor.usb. u:object_r:vendor_usb_config_prop:s0 - # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 diff --git a/legacy/zuma/vendor/vendor_init.te b/legacy/zuma/vendor/vendor_init.te index 2071850..73df26d 100644 --- a/legacy/zuma/vendor/vendor_init.te +++ b/legacy/zuma/vendor/vendor_init.te @@ -23,9 +23,6 @@ set_prop(vendor_init, vendor_nfc_prop) # SecureElement vendor property set_prop(vendor_init, vendor_secure_element_prop) -# USB property -set_prop(vendor_init, vendor_usb_config_prop) - # Mali set_prop(vendor_init, vendor_arm_runtime_option_prop) set_prop(vendor_init, vendor_ssrdump_prop) diff --git a/vendor/file.te b/vendor/file.te index bc6ca4a..9c5f786 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -6,6 +6,7 @@ type sysfs_pca, sysfs_type, fs_type; # debugfs type vendor_regmap_debugfs, fs_type, debugfs_type; +type vendor_usb_debugfs, fs_type, debugfs_type; # Data type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; diff --git a/vendor/file_contexts b/vendor/file_contexts index e32c8fa..13d432b 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -2,6 +2,8 @@ /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/init_uwb_calib u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 +/vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 # Vendor /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 @@ -19,4 +21,6 @@ /dev/logbuffer_maxfg_secondary u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index c73793e..6538cf8 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -2,9 +2,12 @@ genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 # debugfs genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 +genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 # GPU genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 @@ -19,9 +22,13 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 # wake up nodes genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 # GPU genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 diff --git a/legacy/zuma/vendor/hal_usb_gadget_impl.te b/vendor/hal_usb_gadget_impl.te similarity index 100% rename from legacy/zuma/vendor/hal_usb_gadget_impl.te rename to vendor/hal_usb_gadget_impl.te diff --git a/legacy/zuma/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te similarity index 100% rename from legacy/zuma/vendor/hal_usb_impl.te rename to vendor/hal_usb_impl.te diff --git a/vendor/property.te b/vendor/property.te new file mode 100644 index 0000000..34029be --- /dev/null +++ b/vendor/property.te @@ -0,0 +1,3 @@ +# USB +vendor_internal_prop(vendor_usb_config_prop) + diff --git a/vendor/property_contexts b/vendor/property_contexts new file mode 100644 index 0000000..43d498d --- /dev/null +++ b/vendor/property_contexts @@ -0,0 +1,4 @@ +# USB +persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0 +vendor.usb. u:object_r:vendor_usb_config_prop:s0 + diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te new file mode 100644 index 0000000..c195c40 --- /dev/null +++ b/vendor/vendor_init.te @@ -0,0 +1,2 @@ +# USB property +set_prop(vendor_init, vendor_usb_config_prop) From ef01242b5b88763c3355f88288d853ab36555a33 Mon Sep 17 00:00:00 2001 From: Devika Krishnadas Date: Thu, 16 Nov 2023 01:24:03 +0000 Subject: [PATCH 092/321] Add Pixel Mapper as a sp-HAL Bug: 267352318 Change-Id: Ib1f2b6e10ae4a6b590f6be761e23be859ba46e01 Signed-off-by: Devika Krishnadas --- vendor/file_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index e32c8fa..3904729 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -20,3 +20,5 @@ /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0 +# Gralloc +/(vendor|system/vendor)/lib(64)?/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0 From 48815490ff547b5f3f1c32b729ed9688e4e0b20b Mon Sep 17 00:00:00 2001 From: Kyle Tso Date: Mon, 13 Nov 2023 17:09:01 +0800 Subject: [PATCH 093/321] hal_usb_impl: Add get_prop for vendor_usb_config_prop avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_usb_config_prop:s0" dev="tmpfs" ino=391 scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:vendor_usb_config_prop:s0 tclass=file permissive=0 Bug: 310560098 Change-Id: I86588715cae2696dd0e045c5b75dde55e0f84c1e Signed-off-by: Kyle Tso --- vendor/hal_usb_impl.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 15d74c5..ff8ea5a 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -7,6 +7,7 @@ hal_server_domain(hal_usb_impl, hal_usb_gadget) allow hal_usb_impl sysfs_batteryinfo:dir r_dir_perms; allow hal_usb_impl sysfs_batteryinfo:file rw_file_perms; +get_prop(hal_usb_impl, vendor_usb_config_prop) # Needed for monitoring usb port temperature allow hal_usb_impl self:capability2 wake_alarm; From db4d0155909989f5199e5d6077c6704358981110 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Nov 2023 03:20:56 +0000 Subject: [PATCH 094/321] Update error on ROM 11120060 Bug: 312069580 Test: SELinuxUncheckedDenialBootTest Change-Id: I94d03d02552f8ac8cad106f72917573b6027df73 --- tracking_denials/grilservice_app.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/grilservice_app.te diff --git a/tracking_denials/grilservice_app.te b/tracking_denials/grilservice_app.te new file mode 100644 index 0000000..c4dc75e --- /dev/null +++ b/tracking_denials/grilservice_app.te @@ -0,0 +1,2 @@ +# b/312069580 +dontaudit grilservice_app hal_bluetooth_coexistence_service:service_manager { find }; From 8eb45bceb6cf0b659af37fdb7032c03dc22b960b Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Nov 2023 06:40:09 +0000 Subject: [PATCH 095/321] Revert "Add IQfpExtendedFingerprint to service_contexts." Revert submission 25333146-sba4500_redux Reason for revert: BB Reverted changes: /q/submissionid:25333146-sba4500_redux Bug: 312087854 Change-Id: I380eabae240d294f6c6ee6f1f0254e5976bc65ea --- vendor/service_contexts | 1 - 1 file changed, 1 deletion(-) delete mode 100644 vendor/service_contexts diff --git a/vendor/service_contexts b/vendor/service_contexts deleted file mode 100644 index ff110d6..0000000 --- a/vendor/service_contexts +++ /dev/null @@ -1 +0,0 @@ -vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal_fingerprint_service:s0 From 75f9200a13664bee29822749b2f9b6851c2e0427 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Nov 2023 12:33:18 +0000 Subject: [PATCH 096/321] Move vendor_persist_type to vendor radio needs this type Bug: 312143882 Change-Id: I95b7d4dc0b867234972955eac0be6b8204ce3ecc --- {legacy/whitechapel_pro => vendor}/attributes | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/whitechapel_pro => vendor}/attributes (100%) diff --git a/legacy/whitechapel_pro/attributes b/vendor/attributes similarity index 100% rename from legacy/whitechapel_pro/attributes rename to vendor/attributes From 574b29f866ef0bd4612c80db714329a431f59a8c Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Nov 2023 12:09:21 +0000 Subject: [PATCH 097/321] Remove legacy bug_map Bug: 312143882 Change-Id: Ic1102158edabae74aaca7c6d32b3ff3afe0c8710 --- tracking_denials/bug_map | 42 ---------------------------------------- 1 file changed, 42 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 814f63e..216a579 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,45 +1,3 @@ -con_monitor_app app_data_file dir b/264483670 -con_monitor_app app_data_file file b/264483670 -con_monitor_app dalvikcache_data_file dir b/264483670 -con_monitor_app dalvikcache_data_file file b/264483670 -con_monitor_app mnt_expand_file dir b/264483670 -con_monitor_app system_data_file lnk_file b/264483670 -dumpstate app_zygote process b/279680264 -google_camera_app audio_service service_manager b/264600171 -google_camera_app backup_service service_manager b/264483456 -google_camera_app legacy_permission_service service_manager b/264600171 -google_camera_app permission_checker_service service_manager b/264600171 -hal_audio_default hal_audio_default binder b/274374769 -hal_bootctl_default hal_bootctl_default capability b/274727372 -hal_camera_default edgetpu_app_server binder b/275001641 -hal_camera_default edgetpu_app_service service_manager b/275001641 -hal_input_processor_default vendor_display_prop file b/279680070 -hal_secure_element_uicc hal_secure_element_hwservice hwservice_manager b/264483151 -hal_secure_element_uicc hidl_base_hwservice hwservice_manager b/264483151 -hal_uwb_default debugfs file b/279680213 -incidentd apex_art_data_file file b/272628762 -incidentd incidentd anon_inode b/274374992 -insmod-sh insmod-sh key b/274374722 -kernel vendor_fw_file dir b/272166737 -kernel vendor_fw_file dir b/272166787 -mtectrl unlabeled dir b/264483752 -platform_app bootanim_system_prop property_service b/264483532 -servicemanager hal_fingerprint_default binder b/264483753 -system_server default_android_service service_manager b/264483754 -systemui_app init unix_stream_socket b/269964574 -systemui_app property_socket sock_file b/269964574 -twoshay systemui_app binder b/269964558 -untrusted_app default_android_service service_manager b/264599934 -vendor_init device_config_configuration_prop property_service b/267714573 -vendor_init device_config_configuration_prop property_service b/268566481 -vendor_init device_config_configuration_prop property_service b/273143844 -vendor_init device_config_configuration_prop property_service b/275645636 -vendor_init device_config_configuration_prop property_service b/275646003 -vendor_init tee_data_file lnk_file b/267714573 -vendor_init tee_data_file lnk_file b/272166664 -vendor_init vendor_camera_prop property_service b/267714573 -vendor_init vendor_camera_prop property_service b/268566481 -vendor_init vendor_camera_prop property_service b/273143844 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 sctd vendor_persist_config_default_prop file b/309550514 From 3178313292e96da17b38982429f825b55a92ae01 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 20 Nov 2023 12:46:32 +0000 Subject: [PATCH 098/321] Remove batt and NFC unused type Bug: 312143882 Test: make selinux_policy Change-Id: I88ca31d5893143f8f368f576ef4b78e6219bbb74 --- legacy/whitechapel_pro/property_contexts | 6 ------ 1 file changed, 6 deletions(-) diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts index fa5c917..a5b69b1 100644 --- a/legacy/whitechapel_pro/property_contexts +++ b/legacy/whitechapel_pro/property_contexts @@ -1,9 +1,3 @@ -# test battery profile -persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_prop:s0 - -# NFC -persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 - # SecureElement persist.vendor.se. u:object_r:vendor_secure_element_prop:s0 From 74e5d6a0648bf63addfad82f1bdb4f0cca012d22 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 21 Nov 2023 07:16:32 +0000 Subject: [PATCH 099/321] Update error on ROM 11126833 Bug: 312372803 Bug: 312373134 Bug: 312372857 Bug: 312372936 Test: SELinuxUncheckedDenialBootTest Change-Id: I162a984f233f245410fc04c2b94cf73a3e22a428 --- tracking_denials/hal_bootctl_default.te | 2 ++ tracking_denials/hal_power_default.te | 4 +++- tracking_denials/insmod-sh.te | 3 ++- tracking_denials/vendor_init.te | 2 ++ 4 files changed, 9 insertions(+), 2 deletions(-) create mode 100644 tracking_denials/hal_bootctl_default.te diff --git a/tracking_denials/hal_bootctl_default.te b/tracking_denials/hal_bootctl_default.te new file mode 100644 index 0000000..07eadb0 --- /dev/null +++ b/tracking_denials/hal_bootctl_default.te @@ -0,0 +1,2 @@ +# b/312373134 +dontaudit hal_bootctl_default hal_bootctl_default:capability { dac_override }; diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te index 310f934..269a0d3 100644 --- a/tracking_denials/hal_power_default.te +++ b/tracking_denials/hal_power_default.te @@ -1,4 +1,6 @@ # b/307468758 userdebug_or_eng(` permissive hal_power_default; -') \ No newline at end of file +')# b/312372857 +dontaudit hal_power_default sysfs:file { open }; +dontaudit hal_power_default sysfs:file { write }; diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te index baf99b2..39c4e8d 100644 --- a/tracking_denials/insmod-sh.te +++ b/tracking_denials/insmod-sh.te @@ -1,4 +1,5 @@ # b/307468923 userdebug_or_eng(` permissive insmod-sh; -') \ No newline at end of file +')# b/312372936 +dontaudit insmod-sh insmod-sh:key { write }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index 4f3bce5..ff8d2b9 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -4,3 +4,5 @@ userdebug_or_eng(` ')# b/308381748 dontaudit vendor_init debugfs_trace_marker:file { getattr }; dontaudit vendor_init default_prop:property_service { set }; +# b/312372803 +dontaudit vendor_init tee_data_file:lnk_file { read }; From 6ebd0711a418be63dce59850c897a13f4f722c27 Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Thu, 16 Nov 2023 15:16:31 +0100 Subject: [PATCH 100/321] Fix SELinux permissions for trusty_userdata partition Bug: 301677815 Test: Trusty storage port tests passing Change-Id: Ibbcbd4523e31a3c79035fe16bc1bec3ed60205fa Signed-off-by: Donnie Pollitz --- legacy/zuma/vendor/device.te | 1 - legacy/zuma/vendor/file_contexts | 1 - vendor/file_contexts | 4 ++++ vendor/tee.te | 2 ++ 4 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 vendor/tee.te diff --git a/legacy/zuma/vendor/device.te b/legacy/zuma/vendor/device.te index 044da91..714896d 100644 --- a/legacy/zuma/vendor/device.te +++ b/legacy/zuma/vendor/device.te @@ -1,5 +1,4 @@ type persist_block_device, dev_type; -type tee_persist_block_device, dev_type; type custom_ab_block_device, dev_type; type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts index 7980516..8cac3ea 100644 --- a/legacy/zuma/vendor/file_contexts +++ b/legacy/zuma/vendor/file_contexts @@ -73,7 +73,6 @@ /dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 diff --git a/vendor/file_contexts b/vendor/file_contexts index eafa72d..17931aa 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -26,3 +26,7 @@ # Gralloc /(vendor|system/vendor)/lib(64)?/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0 + +# Trusty +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_userdata u:object_r:tee_userdata_block_device:s0 diff --git a/vendor/tee.te b/vendor/tee.te new file mode 100644 index 0000000..9fd01ec --- /dev/null +++ b/vendor/tee.te @@ -0,0 +1,2 @@ +type tee_persist_block_device, dev_type; +type tee_userdata_block_device, dev_type; From afa1494fc63567710fd3c18a7e906e083b14b3df Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 21 Nov 2023 10:53:48 +0000 Subject: [PATCH 101/321] Label bootanim.color property Bug: 312143882 Test: make selinux_policy Change-Id: Ie585dc92818e9dab81cfd6a2713e8114d272cd19 --- {legacy/private => private}/property_contexts | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/private => private}/property_contexts (100%) diff --git a/legacy/private/property_contexts b/private/property_contexts similarity index 100% rename from legacy/private/property_contexts rename to private/property_contexts From c967ee5dc3b800b6b842de0b4051fc2ca371b3f6 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 21 Nov 2023 11:53:28 +0000 Subject: [PATCH 102/321] Move sg_device related policy Bug: 312143882 Test: make selinux_policy Change-Id: I68b00a6577a01cf04f67b6b277bce6fe1faef618 --- legacy/whitechapel_pro/device.te | 1 - legacy/whitechapel_pro/file_contexts | 1 - legacy/zuma/vendor/vendor_init.te | 1 - vendor/device.te | 1 + vendor/vendor_init.te | 2 ++ 5 files changed, 3 insertions(+), 3 deletions(-) create mode 100644 vendor/device.te diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index 7d31940..8c24eef 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -1,4 +1,3 @@ -type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index 184c997..0e6ab82 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -29,7 +29,6 @@ /dev/fimg2d u:object_r:graphics_device:s0 /dev/g2d u:object_r:graphics_device:s0 /dev/dit2 u:object_r:vendor_toe_device:s0 -/dev/sg1 u:object_r:sg_device:s0 /dev/st21nfc u:object_r:nfc_device:s0 /dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 /dev/socket/chre u:object_r:chre_socket:s0 diff --git a/legacy/zuma/vendor/vendor_init.te b/legacy/zuma/vendor/vendor_init.te index 73df26d..91e2786 100644 --- a/legacy/zuma/vendor/vendor_init.te +++ b/legacy/zuma/vendor/vendor_init.te @@ -7,7 +7,6 @@ set_prop(vendor_init, logpersistd_logging_prop) allow vendor_init proc_dirty:file w_file_perms; allow vendor_init proc_sched:file w_file_perms; -allow vendor_init sg_device:chr_file r_file_perms; allow vendor_init bootdevice_sysdev:file create_file_perms; allow vendor_init modem_img_file:filesystem { getattr }; diff --git a/vendor/device.te b/vendor/device.te new file mode 100644 index 0000000..89b586b --- /dev/null +++ b/vendor/device.te @@ -0,0 +1 @@ +type sg_device, dev_type; diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index c195c40..129fb11 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -1,2 +1,4 @@ # USB property set_prop(vendor_init, vendor_usb_config_prop) + +allow vendor_init sg_device:chr_file r_file_perms; From eddd28d1400769b8b640d52380bcd6e994580a91 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 21 Nov 2023 12:12:59 +0000 Subject: [PATCH 103/321] Remove unused vendor_toe_device Bug: 312143882 Test: make selinux_policy Change-Id: I3298675615a0e75218be4cf4dac1a04f6aeeafe0 --- legacy/whitechapel_pro/device.te | 1 - legacy/whitechapel_pro/file_contexts | 1 - 2 files changed, 2 deletions(-) diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index 8c24eef..c1bd5d5 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -1,3 +1,2 @@ -type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index 0e6ab82..279f4b4 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -28,7 +28,6 @@ /dev/dri/card0 u:object_r:graphics_device:s0 /dev/fimg2d u:object_r:graphics_device:s0 /dev/g2d u:object_r:graphics_device:s0 -/dev/dit2 u:object_r:vendor_toe_device:s0 /dev/st21nfc u:object_r:nfc_device:s0 /dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 /dev/socket/chre u:object_r:chre_socket:s0 From 08e5f904279b31c35e4283d0f0769b29c964276a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 21 Nov 2023 11:13:24 +0000 Subject: [PATCH 104/321] Remove UDFPS GHBM/LHBM property Bug: 312143882 Test: make selinux_policy Change-Id: I081a6ea005b05b43b0c7a56859c6a804c16a0bce --- legacy/system_ext/private/property_contexts | 2 -- legacy/system_ext/public/property.te | 2 -- legacy/zuma/vendor/hal_fingerprint_default.te | 1 - 3 files changed, 5 deletions(-) delete mode 100644 legacy/system_ext/private/property_contexts delete mode 100644 legacy/system_ext/public/property.te diff --git a/legacy/system_ext/private/property_contexts b/legacy/system_ext/private/property_contexts deleted file mode 100644 index 9f462bd..0000000 --- a/legacy/system_ext/private/property_contexts +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -persist.fingerprint.ghbm u:object_r:fingerprint_ghbm_prop:s0 exact bool diff --git a/legacy/system_ext/public/property.te b/legacy/system_ext/public/property.te deleted file mode 100644 index 8908e48..0000000 --- a/legacy/system_ext/public/property.te +++ /dev/null @@ -1,2 +0,0 @@ -# Fingerprint (UDFPS) GHBM/LHBM toggle -system_vendor_config_prop(fingerprint_ghbm_prop) diff --git a/legacy/zuma/vendor/hal_fingerprint_default.te b/legacy/zuma/vendor/hal_fingerprint_default.te index c60c609..11f478a 100644 --- a/legacy/zuma/vendor/hal_fingerprint_default.te +++ b/legacy/zuma/vendor/hal_fingerprint_default.te @@ -4,7 +4,6 @@ allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl; allow hal_fingerprint_default dmabuf_system_heap_device:chr_file r_file_perms; allow hal_fingerprint_default fwk_stats_service:service_manager find; -get_prop(hal_fingerprint_default, fingerprint_ghbm_prop) set_prop(hal_fingerprint_default, vendor_fingerprint_prop) add_hwservice(hal_fingerprint_default, hal_fingerprint_ext_hwservice) From a5f36273288b074e943349fb56cfd5f23a8b7e1a Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Wed, 22 Nov 2023 14:42:38 +0800 Subject: [PATCH 105/321] Move sg_device related policy Bug: 312582937 Test: make selinux_policy Change-Id: Ic64acb35898e8517141e2fcffb4e2ff71b3b5345 Signed-off-by: Randall Huang --- legacy/zuma/vendor/tee.te | 1 - vendor/device.te | 1 - vendor/vendor_init.te | 1 - 3 files changed, 3 deletions(-) delete mode 100644 vendor/device.te diff --git a/legacy/zuma/vendor/tee.te b/legacy/zuma/vendor/tee.te index 67509b8..c99a02d 100644 --- a/legacy/zuma/vendor/tee.te +++ b/legacy/zuma/vendor/tee.te @@ -7,7 +7,6 @@ allow tee persist_file:dir r_dir_perms; allow tee mnt_vendor_file:dir r_dir_perms; allow tee tee_data_file:dir rw_dir_perms; allow tee tee_data_file:lnk_file r_file_perms; -allow tee sg_device:chr_file rw_file_perms; allow tee tee_persist_block_device:blk_file rw_file_perms; allow tee block_device:dir search; diff --git a/vendor/device.te b/vendor/device.te deleted file mode 100644 index 89b586b..0000000 --- a/vendor/device.te +++ /dev/null @@ -1 +0,0 @@ -type sg_device, dev_type; diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 129fb11..8bb8ad3 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -1,4 +1,3 @@ # USB property set_prop(vendor_init, vendor_usb_config_prop) -allow vendor_init sg_device:chr_file r_file_perms; From b880b46c919872cd52ae056190e4d027a569c898 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 22 Nov 2023 05:47:31 +0000 Subject: [PATCH 106/321] Move file_context to vendor Bug: 312143882 Change-Id: Idadeb768371ec170fce8851a381d6ab9e5d31bfc --- legacy/whitechapel_pro/file_contexts | 37 +--------------------------- vendor/file_contexts | 37 +++++++++++++++++++++++++--- 2 files changed, 34 insertions(+), 40 deletions(-) diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index 279f4b4..ee0ff4e 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -1,42 +1,7 @@ -# Binaries -/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 -/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 -/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 -/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 - -# Vendor libraries -/vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libion_google\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libOpenCL\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 - # Graphics /vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 - -# Devices -/dev/ttySAC0 u:object_r:tty_device:s0 -/dev/bigwave u:object_r:video_device:s0 -/dev/watchdog0 u:object_r:watchdog_device:s0 -/dev/dri/card0 u:object_r:graphics_device:s0 -/dev/fimg2d u:object_r:graphics_device:s0 -/dev/g2d u:object_r:graphics_device:s0 -/dev/st21nfc u:object_r:nfc_device:s0 -/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 -/dev/socket/chre u:object_r:chre_socket:s0 +/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 # Data -/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 -/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 -/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 -/dev/battery_history u:object_r:battery_history_device:s0 -/data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 diff --git a/vendor/file_contexts b/vendor/file_contexts index 17931aa..b526e62 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -4,9 +4,24 @@ /vendor/bin/dump/dump_power u:object_r:dump_power_exec:s0 /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 +/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 +/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 -# Vendor -/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +# Vendor libraries +/vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libion_google\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/arm\.graphics-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libOpenCL\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0 # persist /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 @@ -23,9 +38,23 @@ /dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/ttySAC0 u:object_r:tty_device:s0 +/dev/bigwave u:object_r:video_device:s0 +/dev/watchdog0 u:object_r:watchdog_device:s0 +/dev/dri/card0 u:object_r:graphics_device:s0 +/dev/fimg2d u:object_r:graphics_device:s0 +/dev/g2d u:object_r:graphics_device:s0 +/dev/st21nfc u:object_r:nfc_device:s0 +/dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 +/dev/socket/chre u:object_r:chre_socket:s0 +/dev/battery_history u:object_r:battery_history_device:s0 -# Gralloc -/(vendor|system/vendor)/lib(64)?/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0 +# Data +/data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 +/data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 +/data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 +/data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 +/data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 # Trusty /dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 From 009879a2fc888ac0d4e85a3f7edf4f3c01ab129f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 22 Nov 2023 09:03:50 +0000 Subject: [PATCH 107/321] Remove rls_device type None file_context use rls_device type Bug: 312143882 Test: make selinux_policy Change-Id: I85c85d2ce3828ea812c8084e150afd5ee8431a74 --- legacy/whitechapel_pro/device.te | 1 - legacy/zuma/vendor/rlsservice.te | 3 --- 2 files changed, 4 deletions(-) diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index c1bd5d5..cef6cd1 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -1,2 +1 @@ type lwis_device, dev_type; -type rls_device, dev_type; diff --git a/legacy/zuma/vendor/rlsservice.te b/legacy/zuma/vendor/rlsservice.te index 186471a..98b1503 100644 --- a/legacy/zuma/vendor/rlsservice.te +++ b/legacy/zuma/vendor/rlsservice.te @@ -11,9 +11,6 @@ allow rlsservice persist_camera_file:dir search; allow rlsservice persist_camera_file:file r_file_perms; allow rlsservice mnt_vendor_file:dir search; -# access device files -allow rlsservice rls_device:chr_file rw_file_perms; - binder_call(rlsservice, hal_camera_default) # Allow access to display backlight information From 03d78938bffc7013a18956d6a5aa8d0b7d3f5b79 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 22 Nov 2023 11:08:38 +0000 Subject: [PATCH 108/321] Move legacy app config to tracking_denials Bug: 312143882 Test: make selinux_policy Change-Id: Id9203ada3b6364f517a0251eed139ad793fbb94f --- legacy/whitechapel_pro/keys.conf | 5 ---- legacy/whitechapel_pro/mac_permissions.xml | 30 ------------------- legacy/zuma/vendor/keys.conf | 11 ------- .../certs/EuiccSupportPixel.x509.pem | 0 .../certs/app.x509.pem | 0 .../certs/camera_eng.x509.pem | 0 .../certs/camera_fishfood.x509.pem | 0 ...ogle_android_apps_camera_services.x509.pem | 0 .../certs/com_qorvo_uwb.x509.pem | 0 tracking_denials/keys.conf | 17 +++++++++++ .../mac_permissions.xml | 6 ++++ .../seapp_contexts | 1 - 12 files changed, 23 insertions(+), 47 deletions(-) delete mode 100644 legacy/whitechapel_pro/keys.conf delete mode 100644 legacy/whitechapel_pro/mac_permissions.xml delete mode 100644 legacy/zuma/vendor/keys.conf rename {legacy/whitechapel_pro => tracking_denials}/certs/EuiccSupportPixel.x509.pem (100%) rename {legacy/zuma/vendor => tracking_denials}/certs/app.x509.pem (100%) rename {legacy/zuma/vendor => tracking_denials}/certs/camera_eng.x509.pem (100%) rename {legacy/zuma/vendor => tracking_denials}/certs/camera_fishfood.x509.pem (100%) rename {legacy/zuma/vendor => tracking_denials}/certs/com_google_android_apps_camera_services.x509.pem (100%) rename {legacy/whitechapel_pro => tracking_denials}/certs/com_qorvo_uwb.x509.pem (100%) create mode 100644 tracking_denials/keys.conf rename {legacy/zuma/vendor => tracking_denials}/mac_permissions.xml (89%) rename {legacy/zuma/vendor => tracking_denials}/seapp_contexts (93%) diff --git a/legacy/whitechapel_pro/keys.conf b/legacy/whitechapel_pro/keys.conf deleted file mode 100644 index 76ea843..0000000 --- a/legacy/whitechapel_pro/keys.conf +++ /dev/null @@ -1,5 +0,0 @@ -[@UWB] -ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem - -[@EUICCSUPPORTPIXEL] -ALL : device/google/zumapro-sepolicy/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/whitechapel_pro/mac_permissions.xml b/legacy/whitechapel_pro/mac_permissions.xml deleted file mode 100644 index 956da95..0000000 --- a/legacy/whitechapel_pro/mac_permissions.xml +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - diff --git a/legacy/zuma/vendor/keys.conf b/legacy/zuma/vendor/keys.conf deleted file mode 100644 index 04f8042..0000000 --- a/legacy/zuma/vendor/keys.conf +++ /dev/null @@ -1,11 +0,0 @@ -[@GOOGLE] -ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/app.x509.pem - -[@CAMERAENG] -ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/camera_eng.x509.pem - -[@CAMERAFISHFOOD] -ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/camera_fishfood.x509.pem - -[@CAMERASERVICES] -ALL : device/google/zumapro-sepolicy/legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem diff --git a/legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem b/tracking_denials/certs/EuiccSupportPixel.x509.pem similarity index 100% rename from legacy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem rename to tracking_denials/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/zuma/vendor/certs/app.x509.pem b/tracking_denials/certs/app.x509.pem similarity index 100% rename from legacy/zuma/vendor/certs/app.x509.pem rename to tracking_denials/certs/app.x509.pem diff --git a/legacy/zuma/vendor/certs/camera_eng.x509.pem b/tracking_denials/certs/camera_eng.x509.pem similarity index 100% rename from legacy/zuma/vendor/certs/camera_eng.x509.pem rename to tracking_denials/certs/camera_eng.x509.pem diff --git a/legacy/zuma/vendor/certs/camera_fishfood.x509.pem b/tracking_denials/certs/camera_fishfood.x509.pem similarity index 100% rename from legacy/zuma/vendor/certs/camera_fishfood.x509.pem rename to tracking_denials/certs/camera_fishfood.x509.pem diff --git a/legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem b/tracking_denials/certs/com_google_android_apps_camera_services.x509.pem similarity index 100% rename from legacy/zuma/vendor/certs/com_google_android_apps_camera_services.x509.pem rename to tracking_denials/certs/com_google_android_apps_camera_services.x509.pem diff --git a/legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem b/tracking_denials/certs/com_qorvo_uwb.x509.pem similarity index 100% rename from legacy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem rename to tracking_denials/certs/com_qorvo_uwb.x509.pem diff --git a/tracking_denials/keys.conf b/tracking_denials/keys.conf new file mode 100644 index 0000000..92b931b --- /dev/null +++ b/tracking_denials/keys.conf @@ -0,0 +1,17 @@ +[@GOOGLE] +ALL : device/google/zumapro-sepolicy/tracking_denials/certs/app.x509.pem + +[@CAMERAENG] +ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_eng.x509.pem + +[@CAMERAFISHFOOD] +ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_fishfood.x509.pem + +[@CAMERASERVICES] +ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_google_android_apps_camera_services.x509.pem + +[@UWB] +ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_qorvo_uwb.x509.pem + +[@EUICCSUPPORTPIXEL] +ALL : device/google/zumapro-sepolicy/tracking_denials/certs/EuiccSupportPixel.x509.pem diff --git a/legacy/zuma/vendor/mac_permissions.xml b/tracking_denials/mac_permissions.xml similarity index 89% rename from legacy/zuma/vendor/mac_permissions.xml rename to tracking_denials/mac_permissions.xml index 48536b9..d469c3b 100644 --- a/legacy/zuma/vendor/mac_permissions.xml +++ b/tracking_denials/mac_permissions.xml @@ -33,4 +33,10 @@ + + + + + + diff --git a/legacy/zuma/vendor/seapp_contexts b/tracking_denials/seapp_contexts similarity index 93% rename from legacy/zuma/vendor/seapp_contexts rename to tracking_denials/seapp_contexts index ed23ae5..0b048df 100644 --- a/legacy/zuma/vendor/seapp_contexts +++ b/tracking_denials/seapp_contexts @@ -8,7 +8,6 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all # Qorvo UWB system app -# TODO(b/222204912): Should this run under uwb user? user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all # CccDkTimeSyncService From 2a66f04eeeda74f0d325b8dd74163f451fba7b16 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 22 Nov 2023 08:29:41 +0000 Subject: [PATCH 109/321] Move legacy zuma/file_contexts to vendor Bug: 312143882 Change-Id: I992762f507a49edfcb4f25bf26594bbb03f191a1 --- legacy/zuma/vendor/file_contexts | 200 ------------------------------- tracking_denials/file_contexts | 74 ++++++++++++ vendor/file_contexts | 124 ++++++++++++++++++- 3 files changed, 194 insertions(+), 204 deletions(-) delete mode 100644 legacy/zuma/vendor/file_contexts create mode 100644 tracking_denials/file_contexts diff --git a/legacy/zuma/vendor/file_contexts b/legacy/zuma/vendor/file_contexts deleted file mode 100644 index 8cac3ea..0000000 --- a/legacy/zuma/vendor/file_contexts +++ /dev/null @@ -1,200 +0,0 @@ -# Binaries -/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 -/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 -/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 -/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 -/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/storageproxyd u:object_r:tee_exec:s0 -/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 -/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/chre u:object_r:chre_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 -/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 -/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 -/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 - -# Vendor Firmwares -/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 -/vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 - -# Vendor libraries - -# Vendor -/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 -/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 -/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0 - -# persist -/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 -/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 -/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 -/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 -/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_fingerprint_file:s0 - -# Devices -/dev/bbd_pwrstat u:object_r:power_stats_device:s0 -/dev/edgetpu-soc u:object_r:edgetpu_device:s0 -/dev/block/sda u:object_r:sda_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 -/dev/gxp u:object_r:gxp_device:s0 -/dev/mali0 u:object_r:gpu_device:s0 -/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 -/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 -/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 -/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 -/dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 -/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 -/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 -/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 -/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 -/dev/lwis-be-core u:object_r:lwis_device:s0 -/dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-svarog u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 -/dev/lwis-g3aa u:object_r:lwis_device:s0 -/dev/lwis-gdc0 u:object_r:lwis_device:s0 -/dev/lwis-gdc1 u:object_r:lwis_device:s0 -/dev/lwis-gse u:object_r:lwis_device:s0 -/dev/lwis-gtnr-align u:object_r:lwis_device:s0 -/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 -/dev/lwis-ipp u:object_r:lwis_device:s0 -/dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-isp-fe u:object_r:lwis_device:s0 -/dev/lwis-lme u:object_r:lwis_device:s0 -/dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 -/dev/lwis-pdp u:object_r:lwis_device:s0 -/dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 -/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-sensor-svarog u:object_r:lwis_device:s0 -/dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-slc u:object_r:lwis_device:s0 -/dev/lwis-top u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 -# Although ispolin_ranging is not a real lwis_device but we treat it as an abstract lwis_device. -# Binding it here with lwis-tof-tarasque for a better maintenance instead of creating another device type. -/dev/ispolin_ranging u:object_r:lwis_device:s0 -/dev/lwis-votf u:object_r:lwis_device:s0 -/dev/st54spi u:object_r:st54spi_device:s0 -/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 -/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 -/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 -/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 -/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 -/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 -/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 -/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 -/dev/uci u:object_r:uci_device:s0 -/dev/qbt_ipc u:object_r:fingerprint_device:s0 -/dev/qbt_fd u:object_r:fingerprint_device:s0 diff --git a/tracking_denials/file_contexts b/tracking_denials/file_contexts new file mode 100644 index 0000000..ac5ed49 --- /dev/null +++ b/tracking_denials/file_contexts @@ -0,0 +1,74 @@ +# Binaries +/vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 + +# Vendor Firmwares +/vendor/lib64/arm\.mali\.platform-V1-ndk\.so u:object_r:same_process_hal_file:s0 + +# Devices +/dev/logbuffer_maxq u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468_tcpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 +/dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-act-jotnar u:object_r:lwis_device:s0 +/dev/lwis-act-nessie u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman u:object_r:lwis_device:s0 +/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 +/dev/lwis-csi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 +/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 +/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-svarog u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 +/dev/lwis-g3aa u:object_r:lwis_device:s0 +/dev/lwis-ipp u:object_r:lwis_device:s0 +/dev/lwis-itp u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 +/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 +/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 +/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 +/dev/lwis-ois-nessie u:object_r:lwis_device:s0 +/dev/lwis-pdp u:object_r:lwis_device:s0 +/dev/lwis-scsc u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-buraq u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 +/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 +/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 +/dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 +/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 +/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 +/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 +/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 +/dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 +/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 +/dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 +/dev/uci u:object_r:uci_device:s0 +/dev/lwis-sensor-svarog u:object_r:lwis_device:s0 +/dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 diff --git a/vendor/file_contexts b/vendor/file_contexts index b526e62..90861be 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -8,6 +8,24 @@ /vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 +/vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 +/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 +/vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 +/vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 +/vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 +/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 +/vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 +/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 +/vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 +/vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 +/vendor/bin/storageproxyd u:object_r:tee_exec:s0 +/vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 +/vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 +/vendor/bin/chre u:object_r:chre_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 +/vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 # Vendor libraries /vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0 @@ -22,9 +40,19 @@ /vendor/lib64/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 /vendor/lib64/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/hw/mapper\.pixel\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/arm\.mali\.platform-V2-ndk\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/hw/vulkan\.pastel\.so u:object_r:same_process_hal_file:s0 + +# Vendor Firmwares +/vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 # persist /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 +/mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 +/mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 +/mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 +/mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 +/mnt/vendor/persist/qti_fp(/.*)? u:object_r:persist_fingerprint_file:s0 # Bluetooth /dev/ttySAC18 u:object_r:hci_attach_dev:s0 @@ -48,6 +76,95 @@ /dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 /dev/socket/chre u:object_r:chre_socket:s0 /dev/battery_history u:object_r:battery_history_device:s0 +/dev/bbd_pwrstat u:object_r:power_stats_device:s0 +/dev/edgetpu-soc u:object_r:edgetpu_device:s0 +/dev/block/sda u:object_r:sda_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/persist u:object_r:persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/efs_backup u:object_r:efs_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_userdata u:object_r:modem_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl2_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/bl31_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/dtbo_[ab] u:object_r:dtbo_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_bl1_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gsa_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/gcf_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ldfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/metadata u:object_r:metadata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/mfg_data u:object_r:mfg_data_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pbl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/pvmfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/super u:object_r:super_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/tzsw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/trusty_userdata u:object_r:tee_userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_system_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/13200000\.ufs/by-name/ufs_internal u:object_r:ufs_internal_block_device:s0 +/dev/gxp u:object_r:gxp_device:s0 +/dev/mali0 u:object_r:gpu_device:s0 +/dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 +/dev/logbuffer_wireless u:object_r:logbuffer_device:s0 +/dev/logbuffer_ttf u:object_r:logbuffer_device:s0 +/dev/logbuffer_rtx u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 +/dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-be-core u:object_r:lwis_device:s0 +/dev/lwis-dpm u:object_r:lwis_device:s0 +/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 +/dev/lwis-gdc0 u:object_r:lwis_device:s0 +/dev/lwis-gdc1 u:object_r:lwis_device:s0 +/dev/lwis-gse u:object_r:lwis_device:s0 +/dev/lwis-gtnr-align u:object_r:lwis_device:s0 +/dev/lwis-gtnr-merge u:object_r:lwis_device:s0 +/dev/lwis-isp-fe u:object_r:lwis_device:s0 +/dev/lwis-lme u:object_r:lwis_device:s0 +/dev/lwis-mcsc u:object_r:lwis_device:s0 +/dev/lwis-ois-djinn u:object_r:lwis_device:s0 +/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 +/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 +/dev/lwis-slc u:object_r:lwis_device:s0 +/dev/lwis-top u:object_r:lwis_device:s0 +/dev/ispolin_ranging u:object_r:lwis_device:s0 +/dev/lwis-votf u:object_r:lwis_device:s0 +/dev/st54spi u:object_r:st54spi_device:s0 +/dev/trusty-ipc-dev0 u:object_r:tee_device:s0 +/dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 +/dev/dma_heap/faceauth_dsp-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/faprev-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/farawimg-secure u:object_r:faceauth_heap_device:s0 +/dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/vscaler-secure u:object_r:vscaler_secure_heap_device:s0 +/dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/dma_heap/gcma_camera u:object_r:gcma_camera_heap_device:s0 +/dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 +/dev/qbt_ipc u:object_r:fingerprint_device:s0 +/dev/qbt_fd u:object_r:fingerprint_device:s0 # Data /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 @@ -55,7 +172,6 @@ /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 - -# Trusty -/dev/block/platform/13200000\.ufs/by-name/trusty_persist u:object_r:tee_persist_block_device:s0 -/dev/block/platform/13200000\.ufs/by-name/trusty_userdata u:object_r:tee_userdata_block_device:s0 +/data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 +/data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 +/data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0 From 7d7ebbc37069b4e3d9e211846d18efa15686c95f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 22 Nov 2023 09:00:28 +0000 Subject: [PATCH 110/321] Move lwis declaration to vendor Bug: 312143882 Test: make selinux_policy Change-Id: Ice60742e2b1d2c863dbb55f31e5e38c4d8768fcb --- {legacy/whitechapel_pro => vendor}/device.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/whitechapel_pro => vendor}/device.te (100%) diff --git a/legacy/whitechapel_pro/device.te b/vendor/device.te similarity index 100% rename from legacy/whitechapel_pro/device.te rename to vendor/device.te From daeea509ef489d5747bbcd18b709196ceabb0920 Mon Sep 17 00:00:00 2001 From: Kamal Shafi Date: Thu, 23 Nov 2023 06:13:29 +0000 Subject: [PATCH 111/321] sepolicy: add front camera taotie eeprom sepolicy Add missing sepolicy for front camera eeprom. Bug: 312849126 Test: build Change-Id: I032624791c1dc114d4513d633c72b4f415bc7c5f --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 90861be..ad3d7c0 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -133,6 +133,7 @@ /dev/lwis-dpm u:object_r:lwis_device:s0 /dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 +/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 /dev/lwis-gdc0 u:object_r:lwis_device:s0 From 2dc63cb5cd96f4175b1a893bf523bf9375180b70 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 23 Nov 2023 10:49:03 +0000 Subject: [PATCH 112/321] Update error on ROM 11137748 Bug: 312894027 Test: SELinuxUncheckedDenialBootTest Change-Id: I410a8f4717ef0cdb6298b5a26d48dd919cdd4c14 --- tracking_denials/tee.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/tee.te diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te new file mode 100644 index 0000000..267a291 --- /dev/null +++ b/tracking_denials/tee.te @@ -0,0 +1,2 @@ +# b/312894027 +dontaudit tee tee_userdata_block_device:blk_file { read write }; From 83f48c2556a30350f8c5b94c01152457f86a0d72 Mon Sep 17 00:00:00 2001 From: Kamal Shafi Date: Mon, 27 Nov 2023 03:37:25 +0000 Subject: [PATCH 113/321] sepolicy: move lwis dev sepolicy to device folder - Remove lwis dev device specific sepolicy from zumapro Bug: 312869113 Test: build Change-Id: I12e8e703fb3a58a5be4f4b6dd0ade188cf4d8c0e --- tracking_denials/file_contexts | 44 ---------------------------------- vendor/file_contexts | 12 ---------- 2 files changed, 56 deletions(-) diff --git a/tracking_denials/file_contexts b/tracking_denials/file_contexts index ac5ed49..20b0a1d 100644 --- a/tracking_denials/file_contexts +++ b/tracking_denials/file_contexts @@ -14,61 +14,17 @@ /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_wc68 u:object_r:logbuffer_device:s0 /dev/logbuffer_ln8411 u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk-oksoko u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-sandworm u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-nautilus u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-act-jotnar u:object_r:lwis_device:s0 -/dev/lwis-act-nessie u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman u:object_r:lwis_device:s0 -/dev/lwis-act-slenderman-sandworm u:object_r:lwis_device:s0 /dev/lwis-csi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-gargoyle u:object_r:lwis_device:s0 /dev/lwis-eeprom-gt24p64e-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba u:object_r:lwis_device:s0 -/dev/lwis-eeprom-humbaba-taotie u:object_r:lwis_device:s0 -/dev/lwis-eeprom-jotnar u:object_r:lwis_device:s0 -/dev/lwis-eeprom-nessie u:object_r:lwis_device:s0 /dev/lwis-eeprom-smaug-buraq u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-imentet u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-sandworm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-svarog u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-svarog-outer u:object_r:lwis_device:s0 /dev/lwis-g3aa u:object_r:lwis_device:s0 /dev/lwis-ipp u:object_r:lwis_device:s0 /dev/lwis-itp u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn-nautilus u:object_r:lwis_device:s0 -/dev/lwis-ois-gargoyle u:object_r:lwis_device:s0 -/dev/lwis-ois-humbaba u:object_r:lwis_device:s0 -/dev/lwis-ois-jotnar u:object_r:lwis_device:s0 -/dev/lwis-ois-nessie u:object_r:lwis_device:s0 /dev/lwis-pdp u:object_r:lwis_device:s0 /dev/lwis-scsc u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata-nautilus u:object_r:lwis_device:s0 /dev/lwis-sensor-buraq u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi-tele u:object_r:lwis_device:s0 -/dev/lwis-sensor-imentet u:object_r:lwis_device:s0 -/dev/lwis-sensor-kraken u:object_r:lwis_device:s0 /dev/lwis-sensor-lamassu u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen u:object_r:lwis_device:s0 -/dev/lwis-sensor-leshen-uw u:object_r:lwis_device:s0 -/dev/lwis-sensor-nagual u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko u:object_r:lwis_device:s0 -/dev/lwis-sensor-oksoko-nautilus u:object_r:lwis_device:s0 -/dev/lwis-sensor-sandworm u:object_r:lwis_device:s0 -/dev/lwis-sensor-svarog-outer u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-tele u:object_r:lwis_device:s0 -/dev/lwis-tof-tarasque u:object_r:lwis_device:s0 /dev/dma_heap/faimg-secure u:object_r:faceauth_heap_device:s0 /dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 /dev/uci u:object_r:uci_device:s0 -/dev/lwis-sensor-svarog u:object_r:lwis_device:s0 /dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 diff --git a/vendor/file_contexts b/vendor/file_contexts index ad3d7c0..a0c9639 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -126,16 +126,8 @@ /dev/logbuffer_cpm u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_bd u:object_r:logbuffer_device:s0 -/dev/lwis-act-cornerfolk u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-act-cornerfolk-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-be-core u:object_r:lwis_device:s0 /dev/lwis-dpm u:object_r:lwis_device:s0 -/dev/lwis-eeprom-djinn u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-taotie-front u:object_r:lwis_device:s0 -/dev/lwis-eeprom-smaug-taotie-uw u:object_r:lwis_device:s0 -/dev/lwis-flash-lm3644 u:object_r:lwis_device:s0 /dev/lwis-gdc0 u:object_r:lwis_device:s0 /dev/lwis-gdc1 u:object_r:lwis_device:s0 /dev/lwis-gse u:object_r:lwis_device:s0 @@ -144,10 +136,6 @@ /dev/lwis-isp-fe u:object_r:lwis_device:s0 /dev/lwis-lme u:object_r:lwis_device:s0 /dev/lwis-mcsc u:object_r:lwis_device:s0 -/dev/lwis-ois-djinn u:object_r:lwis_device:s0 -/dev/lwis-sensor-boitata u:object_r:lwis_device:s0 -/dev/lwis-sensor-dokkaebi u:object_r:lwis_device:s0 -/dev/lwis-sensor-taotie-uw u:object_r:lwis_device:s0 /dev/lwis-slc u:object_r:lwis_device:s0 /dev/lwis-top u:object_r:lwis_device:s0 /dev/ispolin_ranging u:object_r:lwis_device:s0 From c659e9d5c71957d25579b428d055c48c071431fa Mon Sep 17 00:00:00 2001 From: Alec Foster Date: Mon, 27 Nov 2023 22:05:55 +0000 Subject: [PATCH 114/321] Revert^2 "Add IQfpExtendedFingerprint to service_contexts." 8eb45bceb6cf0b659af37fdb7032c03dc22b960b Bug: 313504369 Change-Id: I978eb6434d959412548d6bd6d59985374e29674f --- vendor/service_contexts | 1 + 1 file changed, 1 insertion(+) create mode 100644 vendor/service_contexts diff --git a/vendor/service_contexts b/vendor/service_contexts new file mode 100644 index 0000000..ff110d6 --- /dev/null +++ b/vendor/service_contexts @@ -0,0 +1 @@ +vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal_fingerprint_service:s0 From 6c797e281abcdace9fa0c706ff0b0c747a9f1f31 Mon Sep 17 00:00:00 2001 From: guibing Date: Thu, 16 Nov 2023 22:14:55 +0000 Subject: [PATCH 115/321] zumapro: sepolicy: update ospm selinux settings. Use the similar setting from zuma: ag/23270943 and ag/22980665 Bug: 300516041 Test: Power hal works without related avc errors. Change-Id: I45fb13299f153f0f472e21f54af393147c7fbd7c --- vendor/file.te | 1 + vendor/genfs_contexts | 6 ++++-- vendor/hal_power_default.te | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) create mode 100644 vendor/hal_power_default.te diff --git a/vendor/file.te b/vendor/file.te index 9c5f786..57c19a9 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -3,6 +3,7 @@ type persist_uwb_file, file_type, vendor_persist_type; #sysfs type sysfs_pca, sysfs_type, fs_type; +type sysfs_ospm, sysfs_type, fs_type; # debugfs type vendor_regmap_debugfs, fs_type, debugfs_type; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 6538cf8..4759882 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -16,6 +16,7 @@ genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:obje genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 # Haptics genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 @@ -30,8 +31,9 @@ genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 -# GPU -genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 +# OSPM +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl1_target_residency u:object_r:sysfs_ospm:s0 +genfscon sysfs /devices/platform/cpupm/cpupm/cpd_cl2_target_residency u:object_r:sysfs_ospm:s0 # Power ODPM genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 diff --git a/vendor/hal_power_default.te b/vendor/hal_power_default.te new file mode 100644 index 0000000..2e55825 --- /dev/null +++ b/vendor/hal_power_default.te @@ -0,0 +1 @@ +allow hal_power_default sysfs_ospm:file rw_file_perms; \ No newline at end of file From 662dc87e323a816c0a1b2b64b98f3f3cf2c691fe Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Mon, 27 Nov 2023 11:55:00 +0100 Subject: [PATCH 116/321] trusty: Fix selinux denials for block devices Bug: 312894027 Test: Confirmed avc denial is gone on boot Change-Id: Iaa87cdef24214a2b6f6eba2af917c03bbbb4bfb5 Signed-off-by: Donnie Pollitz --- legacy/zuma/vendor/tee.te | 1 - tracking_denials/tee.te | 2 -- vendor/device.te | 2 ++ vendor/tee.te | 4 ++-- 4 files changed, 4 insertions(+), 5 deletions(-) delete mode 100644 tracking_denials/tee.te diff --git a/legacy/zuma/vendor/tee.te b/legacy/zuma/vendor/tee.te index c99a02d..8551b24 100644 --- a/legacy/zuma/vendor/tee.te +++ b/legacy/zuma/vendor/tee.te @@ -7,7 +7,6 @@ allow tee persist_file:dir r_dir_perms; allow tee mnt_vendor_file:dir r_dir_perms; allow tee tee_data_file:dir rw_dir_perms; allow tee tee_data_file:lnk_file r_file_perms; -allow tee tee_persist_block_device:blk_file rw_file_perms; allow tee block_device:dir search; # Allow storageproxyd access to gsi_public_metadata_file diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te deleted file mode 100644 index 267a291..0000000 --- a/tracking_denials/tee.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/312894027 -dontaudit tee tee_userdata_block_device:blk_file { read write }; diff --git a/vendor/device.te b/vendor/device.te index cef6cd1..b5f1575 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1 +1,3 @@ type lwis_device, dev_type; +type tee_persist_block_device, dev_type; +type tee_userdata_block_device, dev_type; diff --git a/vendor/tee.te b/vendor/tee.te index 9fd01ec..ba5ee08 100644 --- a/vendor/tee.te +++ b/vendor/tee.te @@ -1,2 +1,2 @@ -type tee_persist_block_device, dev_type; -type tee_userdata_block_device, dev_type; +allow tee tee_persist_block_device:blk_file rw_file_perms; +allow tee tee_userdata_block_device:blk_file rw_file_perms; From be32c237af5efed3cd470a9d02916271a78befcc Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 29 Nov 2023 11:42:45 +0000 Subject: [PATCH 117/321] Move legacy file_contexts to tracking_denials Bug: 312143882 Bug: 314036372 Test: make selinux_policy Change-Id: If8f325e6e0c9ffa1bfb463686d1df6ed82abd804 --- legacy/whitechapel_pro/file_contexts | 7 ------- tracking_denials/file_contexts | 10 ++++++++++ 2 files changed, 10 insertions(+), 7 deletions(-) delete mode 100644 legacy/whitechapel_pro/file_contexts diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts deleted file mode 100644 index ee0ff4e..0000000 --- a/legacy/whitechapel_pro/file_contexts +++ /dev/null @@ -1,7 +0,0 @@ -# Graphics -/vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 - -# Data -/data/nfc(/.*)? u:object_r:nfc_data_file:s0 -/data/per_boot(/.*)? u:object_r:per_boot_file:s0 diff --git a/tracking_denials/file_contexts b/tracking_denials/file_contexts index 20b0a1d..a69e8bf 100644 --- a/tracking_denials/file_contexts +++ b/tracking_denials/file_contexts @@ -1,3 +1,5 @@ +# b/314036372 + # Binaries /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 @@ -28,3 +30,11 @@ /dev/dma_heap/famodel-secure u:object_r:faceauth_heap_device:s0 /dev/uci u:object_r:uci_device:s0 /dev/dma_heap/framebuffer-secure u:object_r:framebuffer_secure_heap_device:s0 + +# Graphics +/vendor/lib64/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libGralloc4Wrapper\.so u:object_r:same_process_hal_file:s0 + +# Data +/data/nfc(/.*)? u:object_r:nfc_data_file:s0 +/data/per_boot(/.*)? u:object_r:per_boot_file:s0 From 4ab2964a03ce9dd2bc57b9182b2dce127535e570 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 29 Nov 2023 12:14:53 +0000 Subject: [PATCH 118/321] Move legacy genfs_contexts to vendor Bug: 312143882 Bug: 314036370 Test: make selinux_policy Change-Id: I5846fb7b26eee3ddc7c7ac67f6b60f4357ec3608 --- legacy/whitechapel_pro/genfs_contexts | 69 ------- legacy/zuma/vendor/genfs_contexts | 249 -------------------------- tracking_denials/genfs_contexts | 80 +++++++++ vendor/genfs_contexts | 220 +++++++++++++++++++++++ 4 files changed, 300 insertions(+), 318 deletions(-) delete mode 100644 legacy/whitechapel_pro/genfs_contexts delete mode 100644 legacy/zuma/vendor/genfs_contexts create mode 100644 tracking_denials/genfs_contexts diff --git a/legacy/whitechapel_pro/genfs_contexts b/legacy/whitechapel_pro/genfs_contexts deleted file mode 100644 index 22e5325..0000000 --- a/legacy/whitechapel_pro/genfs_contexts +++ /dev/null @@ -1,69 +0,0 @@ -genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 -genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0 - -# tracefs -genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0 - -# WiFi -genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 - -# Broadcom -genfscon sysfs /module/bcmdhd4389 u:object_r:sysfs_bcmdhd:s0 - -# GPU -genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 -genfscon sysfs /devices/platform/28000000.mali/power_policy u:object_r:sysfs_gpu:s0 - -# Fabric -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0 - -# sscoredump (per device) -genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 - -# Storage -genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 -genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0 - -# Thermal -genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0 -genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0 -genfscon sysfs /devices/platform/100a0000.BIG u:object_r:sysfs_thermal:s0 -genfscon sysfs /devices/platform/100a0000.ISP u:object_r:sysfs_thermal:s0 -genfscon sysfs /devices/platform/100b0000.G3D u:object_r:sysfs_thermal:s0 -genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 -genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0 - -genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 - -genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0 - -# Camera -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 - -# USB-C throttling stats -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0 - -# Coresight ETM -genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2ba40000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2bb40000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2bc40000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0 -genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0 - diff --git a/legacy/zuma/vendor/genfs_contexts b/legacy/zuma/vendor/genfs_contexts deleted file mode 100644 index 00fe279..0000000 --- a/legacy/zuma/vendor/genfs_contexts +++ /dev/null @@ -1,249 +0,0 @@ -# Devfreq current frequency -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 - -# Fabric -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 -genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 - -# EdgeTPU -genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 - -# Gxp -genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 - -# debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 - -# Extcon -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 - -# Storage -genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 -genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 - -# Display -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 -genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 - -# ACPM -genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 - -# Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 - -# Power Stats -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 -genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 - -# PCIe link stats -genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 -genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 - -# Battery -genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 -genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 - -# wake up nodes -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 - -genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/sound-aoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 - -# Trusty -genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 -genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 - -# EM Profile -genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 - -# GSA logs -genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 -genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 - -# AOC -genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 -genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 -genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 -genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 -genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 -genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 - -# OTA -genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 - -# Faceauth -genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 diff --git a/tracking_denials/genfs_contexts b/tracking_denials/genfs_contexts new file mode 100644 index 0000000..3e005ec --- /dev/null +++ b/tracking_denials/genfs_contexts @@ -0,0 +1,80 @@ +# b/314036370 +# Broadcom +genfscon sysfs /module/bcmdhd4389 u:object_r:sysfs_bcmdhd:s0 + +# GPU +genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/power_policy u:object_r:sysfs_gpu:s0 + +# sscoredump (per device) +genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 + +# Thermal +genfscon sysfs /devices/platform/100a0000.ISP u:object_r:sysfs_thermal:s0 +genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0 + +# Coresight ETM +genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2ba40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bb40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bc40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0 + +# Devfreq current frequency +genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# debugfs +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 + +# Storage +genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 + +# Power ODPM +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 + +# Battery +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0057/registers_dump u:object_r:sysfs_power_dump:s0 + +# wake up nodes +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 6538cf8..d237163 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -1,9 +1,26 @@ +# SOC +genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 +genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0 + # Battery genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/chg_stats u:object_r:sysfs_pca:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0050/eeprom u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/version u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/status u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /class/power_supply/wireless/device/fw_rev u:object_r:sysfs_batteryinfo:s0 + # debugfs genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 @@ -29,6 +46,35 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.au genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 + +# WiFi +genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 # GPU genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 @@ -82,3 +128,177 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-mete genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_power u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/lpf_current u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 + +# Fabric +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/min_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/17000090.devfreq_dsu/devfreq/17000090.devfreq_dsu/max_freq u:object_r:sysfs_fabric:s0 +genfscon sysfs /devices/platform/170000a0.devfreq_bci/devfreq/170000a0.devfreq_bci/max_freq u:object_r:sysfs_fabric:s0 + +# Sscoredump +genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 + +# Storage +genfscon proc /fs/f2fs u:object_r:proc_f2fs:s0 +genfscon proc /sys/vm/swappiness u:object_r:proc_dirty:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_read_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_write_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_unmap_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/slowio_sync_cnt u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/manual_gc u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/io_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/req_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/err_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/device_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/clkgate_enable u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/health_descriptor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/13200000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 + +# Tracefs +genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0 + +# Thermal +genfscon sysfs /devices/platform/100a0000.LITTLE u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100a0000.MID u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100a0000.BIG u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100b0000.G3D u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 +genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0 + +genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 + +# Camera +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 + +# USB-C throttling stats +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0 + +# Devfreq current frequency +genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/cur_freq u:object_r:sysfs_devfreq_cur:s0 +genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/cur_freq u:object_r:sysfs_devfreq_cur:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1a000000.rio u:object_r:sysfs_edgetpu:s0 + +# Gxp +genfscon sysfs /devices/platform/20c00000.callisto u:object_r:sysfs_gxp:s0 + +# Extcon +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon/extcon0 u:object_r:sysfs_extcon:s0 + +# Display +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/gamma u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/idle_delay_ms u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_idle u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_need_handle_idle_exit u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/op_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/hs_clock u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 +genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/exynos-drm/tui_status u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/panel0-backlight/als_table u:object_r:sysfs_write_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 + +# ACPM +genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 + +# Power Stats +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 + +# PCIe link stats +genfscon sysfs /devices/platform/12100000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/complete_timeout_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_down_irqs u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_recovery_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_average u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/link_up_failures u:object_r:sysfs_pcie:s0 +genfscon sysfs /devices/platform/13120000.pcie/link_stats/pll_lock_average u:object_r:sysfs_pcie:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# GSA logs +genfscon sysfs /devices/platform/16490000.gsa-ns/log_main u:object_r:sysfs_gsa_log:s0 +genfscon sysfs /devices/platform/16490000.gsa-ns/log_intermediate u:object_r:sysfs_gsa_log:s0 + +# AOC +genfscon sysfs /devices/platform/17000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/17000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/17000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/17000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/17000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# OTA +genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 From e531406f68665fddeb89906f7edd69bd500c41f2 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 29 Nov 2023 15:07:44 +0000 Subject: [PATCH 119/321] Move legacy file.te to vendor and tracking_denials Bug: 312143882 Bug: 314035704 Test: make selinux_policy Change-Id: Ibf5ac4c3e06bb2f5aab44e59073156181ab0b5a1 --- legacy/whitechapel_pro/file.te | 25 ---------------- legacy/zuma/vendor/file.te | 53 -------------------------------- tracking_denials/file.te | 14 +++++++++ vendor/file.te | 55 ++++++++++++++++++++++++++++++++++ 4 files changed, 69 insertions(+), 78 deletions(-) delete mode 100644 legacy/whitechapel_pro/file.te delete mode 100644 legacy/zuma/vendor/file.te create mode 100644 tracking_denials/file.te diff --git a/legacy/whitechapel_pro/file.te b/legacy/whitechapel_pro/file.te deleted file mode 100644 index 786e5f4..0000000 --- a/legacy/whitechapel_pro/file.te +++ /dev/null @@ -1,25 +0,0 @@ -# Data -type updated_wifi_firmware_data_file, file_type, data_file_type; -type vendor_misc_data_file, file_type, data_file_type; -type per_boot_file, file_type, data_file_type, core_data_file_type; -type powerstats_vendor_data_file, file_type, data_file_type; - -# sysfs -type bootdevice_sysdev, dev_type; -type sysfs_wifi, sysfs_type, fs_type; -type sysfs_bcmdhd, sysfs_type, fs_type; -type sysfs_chargelevel, sysfs_type, fs_type; -type sysfs_camera, sysfs_type, fs_type; - -# persist -type persist_ss_file, file_type, vendor_persist_type; - -# Storage Health HAL -type proc_f2fs, proc_type, fs_type; - -# Vendor tools -type vendor_dumpsys, vendor_file_type, file_type; - -# USB-C throttling stats -type sysfs_usbc_throttling_stats, sysfs_type, fs_type; - diff --git a/legacy/zuma/vendor/file.te b/legacy/zuma/vendor/file.te deleted file mode 100644 index ad6451b..0000000 --- a/legacy/zuma/vendor/file.te +++ /dev/null @@ -1,53 +0,0 @@ -# persist -type persist_display_file, file_type, vendor_persist_type; -type persist_battery_file, file_type, vendor_persist_type; -type persist_camera_file, file_type, vendor_persist_type; -type persist_fingerprint_file, file_type, vendor_persist_type; - -#sysfs -type sysfs_power_dump, sysfs_type, fs_type; -type sysfs_acpm_stats, sysfs_type, fs_type; -type sysfs_write_leds, sysfs_type, fs_type; - -# Trusty -type sysfs_trusty, sysfs_type, fs_type; - -# mount FS -allow proc_vendor_sched proc:filesystem associate; -allow bootdevice_sysdev sysfs:filesystem associate; - -# debugfs -type vendor_charger_debugfs, fs_type, debugfs_type; -type vendor_votable_debugfs, fs_type, debugfs_type; -type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_pm_genpd_debugfs, fs_type, debugfs_type; -type vendor_maxfg_debugfs, fs_type, debugfs_type; - -# WLC -type sysfs_wlc, sysfs_type, fs_type; - -# CHRE -type chre_socket, file_type; - -# BT -type vendor_bt_data_file, file_type, data_file_type; - -# Data -type chre_data_file, file_type, data_file_type; -type vendor_fingerprint_data_file, file_type, data_file_type; - -# Vendor sched files -userdebug_or_eng(` - typeattribute proc_vendor_sched mlstrustedobject; -') - -# sysfs -type sysfs_fabric, sysfs_type, fs_type; -type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; - -# GSA -type sysfs_gsa_log, sysfs_type, fs_type; - -# Faceauth -type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; diff --git a/tracking_denials/file.te b/tracking_denials/file.te new file mode 100644 index 0000000..6a2f6b2 --- /dev/null +++ b/tracking_denials/file.te @@ -0,0 +1,14 @@ +# b/314035704 +# Data +type per_boot_file, file_type, data_file_type, core_data_file_type; + +# sysfs +type sysfs_bcmdhd, sysfs_type, fs_type; +type sysfs_chargelevel, sysfs_type, fs_type; + +# mount FS +allow proc_vendor_sched proc:filesystem associate; + +# Faceauth +type sysfs_faceauth_rawimage_heap, sysfs_type, fs_type; + diff --git a/vendor/file.te b/vendor/file.te index 57c19a9..b221f7b 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -1,15 +1,70 @@ # persist type persist_uwb_file, file_type, vendor_persist_type; +type persist_ss_file, file_type, vendor_persist_type; +type persist_display_file, file_type, vendor_persist_type; +type persist_battery_file, file_type, vendor_persist_type; +type persist_camera_file, file_type, vendor_persist_type; +type persist_fingerprint_file, file_type, vendor_persist_type; #sysfs type sysfs_pca, sysfs_type, fs_type; +type bootdevice_sysdev, dev_type; +type sysfs_wifi, sysfs_type, fs_type; +type sysfs_camera, sysfs_type, fs_type; +type sysfs_power_dump, sysfs_type, fs_type; +type sysfs_acpm_stats, sysfs_type, fs_type; +type sysfs_write_leds, sysfs_type, fs_type; +type sysfs_fabric, sysfs_type, fs_type; +type sysfs_em_profile, sysfs_type, fs_type; +type sysfs_ota, sysfs_type, fs_type; type sysfs_ospm, sysfs_type, fs_type; # debugfs type vendor_regmap_debugfs, fs_type, debugfs_type; type vendor_usb_debugfs, fs_type, debugfs_type; +type vendor_charger_debugfs, fs_type, debugfs_type; +type vendor_votable_debugfs, fs_type, debugfs_type; +type vendor_battery_debugfs, fs_type, debugfs_type; +type vendor_pm_genpd_debugfs, fs_type, debugfs_type; +type vendor_maxfg_debugfs, fs_type, debugfs_type; # Data type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; +type updated_wifi_firmware_data_file, file_type, data_file_type; +type vendor_misc_data_file, file_type, data_file_type; +type powerstats_vendor_data_file, file_type, data_file_type; +type chre_data_file, file_type, data_file_type; +type vendor_fingerprint_data_file, file_type, data_file_type; +# Storage Health HAL +type proc_f2fs, proc_type, fs_type; + +# Vendor tools +type vendor_dumpsys, vendor_file_type, file_type; + +# USB-C throttling stats +type sysfs_usbc_throttling_stats, sysfs_type, fs_type; + +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# mount FS +allow bootdevice_sysdev sysfs:filesystem associate; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; + +# CHRE +type chre_socket, file_type; + +# BT +type vendor_bt_data_file, file_type, data_file_type; + +# Vendor sched files +userdebug_or_eng(` + typeattribute proc_vendor_sched mlstrustedobject; +') + +# GSA +type sysfs_gsa_log, sysfs_type, fs_type; From b5238ed0fe8fe956331172628b513d67ffd1737a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 06:58:30 +0000 Subject: [PATCH 120/321] Update error on ROM 11140098 Bug: 314052376 Test: SELinuxUncheckedDenialBootTest Change-Id: I272af5fec9f9beb2ce62ffd29e1fc99fdfc1acc7 --- tracking_denials/tee.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/tee.te diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te new file mode 100644 index 0000000..c723053 --- /dev/null +++ b/tracking_denials/tee.te @@ -0,0 +1,2 @@ +# b/314052376 +dontaudit tee tee_userdata_block_device:blk_file { read write }; From 81b4d82d4c41c145ec090e6f57771de18cdd9d68 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 08:11:57 +0000 Subject: [PATCH 121/321] Remove unused rls_service Binary not existed Bug: 312143882 Test: make selinux_policy Change-Id: If51749d9c0b12d1a5ac8f3070cef30557202bdf8 --- legacy/whitechapel_pro/vndservice.te | 1 - legacy/whitechapel_pro/vndservice_contexts | 1 - legacy/zuma/vendor/hal_camera_default.te | 7 ------ legacy/zuma/vendor/rlsservice.te | 29 ---------------------- tracking_denials/file_contexts | 1 - 5 files changed, 39 deletions(-) delete mode 100644 legacy/whitechapel_pro/vndservice.te delete mode 100644 legacy/whitechapel_pro/vndservice_contexts delete mode 100644 legacy/zuma/vendor/rlsservice.te diff --git a/legacy/whitechapel_pro/vndservice.te b/legacy/whitechapel_pro/vndservice.te deleted file mode 100644 index 4c4dd7a..0000000 --- a/legacy/whitechapel_pro/vndservice.te +++ /dev/null @@ -1 +0,0 @@ -type rls_service, vndservice_manager_type; diff --git a/legacy/whitechapel_pro/vndservice_contexts b/legacy/whitechapel_pro/vndservice_contexts deleted file mode 100644 index 66cab48..0000000 --- a/legacy/whitechapel_pro/vndservice_contexts +++ /dev/null @@ -1 +0,0 @@ -rlsservice u:object_r:rls_service:s0 diff --git a/legacy/zuma/vendor/hal_camera_default.te b/legacy/zuma/vendor/hal_camera_default.te index 35cd7cf..6f8a338 100644 --- a/legacy/zuma/vendor/hal_camera_default.te +++ b/legacy/zuma/vendor/hal_camera_default.te @@ -43,9 +43,6 @@ userdebug_or_eng(` set_prop(hal_camera_default, vendor_camera_debug_prop); ') -# For camera hal to talk with rlsservice -allow hal_camera_default rls_service:service_manager find; -binder_call(hal_camera_default, rlsservice) hal_client_domain(hal_camera_default, hal_graphics_allocator); hal_client_domain(hal_camera_default, hal_graphics_composer) @@ -77,10 +74,6 @@ allow hal_camera_default sysfs_leds:file r_file_perms; allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; binder_call(hal_camera_default, hal_radioext_default); -# For camera hal to talk with rlsservice -allow hal_camera_default rls_service:service_manager find; -binder_call(hal_camera_default, rlsservice) - # Allow access to always-on compute device node allow hal_camera_default aoc_device:chr_file rw_file_perms; diff --git a/legacy/zuma/vendor/rlsservice.te b/legacy/zuma/vendor/rlsservice.te deleted file mode 100644 index 98b1503..0000000 --- a/legacy/zuma/vendor/rlsservice.te +++ /dev/null @@ -1,29 +0,0 @@ -type rlsservice, domain; -type rlsservice_exec, exec_type, vendor_file_type, file_type; - -init_daemon_domain(rlsservice) -vndbinder_use(rlsservice) -add_service(rlsservice, rls_service) - -# access rainbow sensor calibration files -allow rlsservice persist_file:dir search; -allow rlsservice persist_camera_file:dir search; -allow rlsservice persist_camera_file:file r_file_perms; -allow rlsservice mnt_vendor_file:dir search; - -binder_call(rlsservice, hal_camera_default) - -# Allow access to display backlight information -allow rlsservice sysfs_leds:dir search; -allow rlsservice sysfs_leds:file r_file_perms; - -# Allow access to always-on compute device node -allow rlsservice device:dir r_file_perms; -allow rlsservice aoc_device:chr_file rw_file_perms; - -# For observing apex file changes -allow rlsservice apex_info_file:file r_file_perms; - -# Allow read camera property -get_prop(rlsservice, vendor_camera_prop); - diff --git a/tracking_denials/file_contexts b/tracking_denials/file_contexts index a69e8bf..3a629b2 100644 --- a/tracking_denials/file_contexts +++ b/tracking_denials/file_contexts @@ -2,7 +2,6 @@ # Binaries /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 -/vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 From c467c70f339f5ad962a67788def4b3fda1f5de3e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 08:32:05 +0000 Subject: [PATCH 122/321] Move legacy property_contexts to vendor and tracking_denials Bug: 312143882 Bug: 314065298 Test: make selinux_policy Change-Id: Ica7bbd24df3959af917896dbdc43d352e33add43 --- legacy/whitechapel_pro/property_contexts | 16 -------------- .../property_contexts | 18 +++++++-------- vendor/property_contexts | 22 +++++++++++++++++++ 3 files changed, 30 insertions(+), 26 deletions(-) delete mode 100644 legacy/whitechapel_pro/property_contexts rename {legacy/zuma/vendor => tracking_denials}/property_contexts (68%) diff --git a/legacy/whitechapel_pro/property_contexts b/legacy/whitechapel_pro/property_contexts deleted file mode 100644 index a5b69b1..0000000 --- a/legacy/whitechapel_pro/property_contexts +++ /dev/null @@ -1,16 +0,0 @@ -# SecureElement -persist.vendor.se. u:object_r:vendor_secure_element_prop:s0 - -# for display -ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 -persist.vendor.display. u:object_r:vendor_display_prop:s0 - -# vendor default -ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0 -persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0 - -#uwb -ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string - -# Trusty -ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 diff --git a/legacy/zuma/vendor/property_contexts b/tracking_denials/property_contexts similarity index 68% rename from legacy/zuma/vendor/property_contexts rename to tracking_denials/property_contexts index f8d3e80..7532abc 100644 --- a/legacy/zuma/vendor/property_contexts +++ b/tracking_denials/property_contexts @@ -1,24 +1,22 @@ +# b/314065298 + +# for display +ro.vendor.hwc.drm.device u:object_r:vendor_display_prop:s0 +persist.vendor.display. u:object_r:vendor_display_prop:s0 +#uwb +ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string # Camera persist.vendor.camera. u:object_r:vendor_camera_prop:s0 -vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 - # Fingerprint vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 -persist.vendor.qfp. u:object_r:vendor_fingerprint_prop:s0 - # Battery -vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 - # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 - -# Mali GPU driver configuration and debug options -vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix - # Display ro.vendor.primarydisplay.vrr.enabled u:object_r:vendor_display_prop:s0 exact bool ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int + diff --git a/vendor/property_contexts b/vendor/property_contexts index 43d498d..051c4dc 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -2,3 +2,25 @@ persist.vendor.usb. u:object_r:vendor_usb_config_prop:s0 vendor.usb. u:object_r:vendor_usb_config_prop:s0 +# SecureElement +persist.vendor.se. u:object_r:vendor_secure_element_prop:s0 + +# vendor default +ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0 +persist.vendor.sys. u:object_r:vendor_persist_sys_default_prop:s0 + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 + +# Camera +vendor.camera. u:object_r:vendor_camera_prop:s0 + +# Fingerprint +persist.vendor.qfp. u:object_r:vendor_fingerprint_prop:s0 + +# Battery +vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 + +# Mali GPU driver configuration and debug options +vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + From 1f829bd3f9f9495ab51881d05ce9b79732e7a4ee Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 09:01:57 +0000 Subject: [PATCH 123/321] Move legacy property.te to vendor and tracking_denials Bug: 312143882 Bug: 314065301 Test: make selinux_policy Change-Id: I1e414cb04b71bf9aa47f8b60a78aad220bdf21b6 --- legacy/whitechapel_pro/property.te | 14 -------------- legacy/zuma/vendor/property.te | 12 ------------ tracking_denials/property.te | 15 +++++++++++++++ vendor/property.te | 16 ++++++++++++++++ 4 files changed, 31 insertions(+), 26 deletions(-) delete mode 100644 legacy/whitechapel_pro/property.te delete mode 100644 legacy/zuma/vendor/property.te create mode 100644 tracking_denials/property.te diff --git a/legacy/whitechapel_pro/property.te b/legacy/whitechapel_pro/property.te deleted file mode 100644 index a62eef6..0000000 --- a/legacy/whitechapel_pro/property.te +++ /dev/null @@ -1,14 +0,0 @@ -vendor_internal_prop(vendor_nfc_prop) -vendor_internal_prop(vendor_secure_element_prop) -vendor_internal_prop(vendor_battery_profile_prop) -vendor_internal_prop(vendor_camera_prop) -vendor_internal_prop(vendor_camera_fatp_prop) -vendor_internal_prop(vendor_ro_sys_default_prop) -vendor_internal_prop(vendor_persist_sys_default_prop) -vendor_internal_prop(vendor_display_prop) - -# UWB calibration -system_vendor_config_prop(vendor_uwb_calibration_prop) - -# Trusty storage FS ready -vendor_internal_prop(vendor_trusty_storage_prop) diff --git a/legacy/zuma/vendor/property.te b/legacy/zuma/vendor/property.te deleted file mode 100644 index 90efd65..0000000 --- a/legacy/zuma/vendor/property.te +++ /dev/null @@ -1,12 +0,0 @@ -# Fingerprint -vendor_internal_prop(vendor_fingerprint_prop) - -# Battery -vendor_internal_prop(vendor_battery_defender_prop) -vendor_internal_prop(vendor_shutdown_prop) - -# Dynamic sensor -vendor_internal_prop(vendor_dynamic_sensor_prop) - -# Mali Integration -vendor_restricted_prop(vendor_arm_runtime_option_prop) diff --git a/tracking_denials/property.te b/tracking_denials/property.te new file mode 100644 index 0000000..c1a95d6 --- /dev/null +++ b/tracking_denials/property.te @@ -0,0 +1,15 @@ +# b/314065301 + +vendor_internal_prop(vendor_nfc_prop) +vendor_internal_prop(vendor_battery_profile_prop) +vendor_internal_prop(vendor_camera_fatp_prop) +vendor_internal_prop(vendor_display_prop) + +# UWB calibration +system_vendor_config_prop(vendor_uwb_calibration_prop) + +# Battery +vendor_internal_prop(vendor_shutdown_prop) + +# Dynamic sensor +vendor_internal_prop(vendor_dynamic_sensor_prop) diff --git a/vendor/property.te b/vendor/property.te index 34029be..344e8c9 100644 --- a/vendor/property.te +++ b/vendor/property.te @@ -1,3 +1,19 @@ +vendor_internal_prop(vendor_camera_prop) +vendor_internal_prop(vendor_ro_sys_default_prop) +vendor_internal_prop(vendor_persist_sys_default_prop) + # USB vendor_internal_prop(vendor_usb_config_prop) +vendor_internal_prop(vendor_secure_element_prop) +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) + +# Fingerprint +vendor_internal_prop(vendor_fingerprint_prop) + +# Battery +vendor_internal_prop(vendor_battery_defender_prop) + +# Mali Integration +vendor_restricted_prop(vendor_arm_runtime_option_prop) From 994ec8c478835a3f9bfa5505d92a5fe0f8c8765c Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 09:36:54 +0000 Subject: [PATCH 124/321] Move Exynos.HWCService to vendor/ Bug: 312143882 Test: make selinux_policy Change-Id: I2b33d160ee7cbd169e044308a9fc4c5eda19e6b3 --- {legacy/zuma/vendor => vendor}/vndservice.te | 0 {legacy/zuma/vendor => vendor}/vndservice_contexts | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/vndservice.te (100%) rename {legacy/zuma/vendor => vendor}/vndservice_contexts (100%) diff --git a/legacy/zuma/vendor/vndservice.te b/vendor/vndservice.te similarity index 100% rename from legacy/zuma/vendor/vndservice.te rename to vendor/vndservice.te diff --git a/legacy/zuma/vendor/vndservice_contexts b/vendor/vndservice_contexts similarity index 100% rename from legacy/zuma/vendor/vndservice_contexts rename to vendor/vndservice_contexts From 4e44355a8dbe05ee30c3ac60d7d0a49a57b1d80a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 09:51:49 +0000 Subject: [PATCH 125/321] Move service_contexts to vendor and tracking_denials Bug: 312143882 Bug: 314080507 Test: make selinux_policy Change-Id: Ia8474dc880c912b9a3db4401551a3eeed280bb47 --- legacy/zuma/vendor/service.te | 6 ------ legacy/zuma/vendor/service_contexts | 5 ----- tracking_denials/service.te | 2 ++ tracking_denials/service_contexts | 2 ++ vendor/service.te | 4 ++++ vendor/service_contexts | 3 +++ 6 files changed, 11 insertions(+), 11 deletions(-) delete mode 100644 legacy/zuma/vendor/service.te delete mode 100644 legacy/zuma/vendor/service_contexts create mode 100644 tracking_denials/service.te create mode 100644 tracking_denials/service_contexts diff --git a/legacy/zuma/vendor/service.te b/legacy/zuma/vendor/service.te deleted file mode 100644 index 85b1745..0000000 --- a/legacy/zuma/vendor/service.te +++ /dev/null @@ -1,6 +0,0 @@ -type hal_pixel_display_service, service_manager_type, hal_service_type; - -# WLC -type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; - -type arm_mali_platform_service, app_api_service, service_manager_type; diff --git a/legacy/zuma/vendor/service_contexts b/legacy/zuma/vendor/service_contexts deleted file mode 100644 index ffa2639..0000000 --- a/legacy/zuma/vendor/service_contexts +++ /dev/null @@ -1,5 +0,0 @@ -com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 - -vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 - -arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0 diff --git a/tracking_denials/service.te b/tracking_denials/service.te new file mode 100644 index 0000000..dd4f0a2 --- /dev/null +++ b/tracking_denials/service.te @@ -0,0 +1,2 @@ +# b/314080507 +type arm_mali_platform_service, app_api_service, service_manager_type; diff --git a/tracking_denials/service_contexts b/tracking_denials/service_contexts new file mode 100644 index 0000000..cde80dc --- /dev/null +++ b/tracking_denials/service_contexts @@ -0,0 +1,2 @@ +# b/314080507 +arm.mali.platform.ICompression/default u:object_r:arm_mali_platform_service:s0 diff --git a/vendor/service.te b/vendor/service.te index 8b13789..d6c582e 100644 --- a/vendor/service.te +++ b/vendor/service.te @@ -1 +1,5 @@ +type hal_pixel_display_service, service_manager_type, hal_service_type; + +# WLC +type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; diff --git a/vendor/service_contexts b/vendor/service_contexts index ff110d6..068d2d7 100644 --- a/vendor/service_contexts +++ b/vendor/service_contexts @@ -1 +1,4 @@ vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal_fingerprint_service:s0 +com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 +vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 + From 2c24437cb16779c0d03ca54b954e4c227baee55a Mon Sep 17 00:00:00 2001 From: Luis Delgado de Mendoza Date: Tue, 14 Nov 2023 16:07:27 -0800 Subject: [PATCH 126/321] Add necessary entries in genfs for the new BT channel. Bug: 308452948 Test: Validated locally on husky. Change-Id: I9d6f31e856cf4290ff4fd880f115234eb3ed019c --- vendor/genfs_contexts | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 78f8536..a719d1a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -59,8 +59,12 @@ genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.bt.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.bt/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 From c459e19f9f1aa2cc3afd5cb91101bb12aba52045 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 18:23:51 +0000 Subject: [PATCH 127/321] Add missing legacy genfs_contexts to tracking_denials Bug: 312143882 Bug: 314036372 Test: make selinux_policy Change-Id: If7ff2d5c93f8531998ec7f00862e4dc175ac383a --- tracking_denials/genfs_contexts | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tracking_denials/genfs_contexts b/tracking_denials/genfs_contexts index 3e005ec..e76d01e 100644 --- a/tracking_denials/genfs_contexts +++ b/tracking_denials/genfs_contexts @@ -78,3 +78,27 @@ genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power/wakeup genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c1/11025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c1/11025/power_supply/tcpmourcesy025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c1/11025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c1/11036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c1/11069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c1/11069/power_supply/mainharger/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/soundoc/wakeup/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/wakeup/wakeup u:object_r:sysfs_wakeup:s0 + +# USB-C throttling stats +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time u:object_r:sysfs_usbc_throttling_stats:s0 + +# Faceauth +genfscon sysfs /sys/kernel/vendor_mm/gcma_heap/trusty:faceauth_rawimage_heap/max_usage_kb u:object_r:sysfs_faceauth_rawimage_heap:s0 + From 4b30393e1ad7d50ecc3524ecbaf57bf09203be8b Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 1 Dec 2023 03:19:30 +0000 Subject: [PATCH 128/321] Move hal_input_processor_default to vendor Bug: 312143882 Bug: 273163412 Test: make selinux_policy Change-Id: Ie130e123a79c8d3cab71dbabbfb82c287b93b425 --- {legacy/whitechapel_pro => vendor}/hal_input_processor_default.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/whitechapel_pro => vendor}/hal_input_processor_default.te (100%) diff --git a/legacy/whitechapel_pro/hal_input_processor_default.te b/vendor/hal_input_processor_default.te similarity index 100% rename from legacy/whitechapel_pro/hal_input_processor_default.te rename to vendor/hal_input_processor_default.te From 2bb05fbdf6ed7ecab161f24bde4a1aa231677327 Mon Sep 17 00:00:00 2001 From: Daniel Norman Date: Fri, 10 Nov 2023 22:43:40 +0000 Subject: [PATCH 129/321] Removes duplicate hidraw_device type definition. This type is now defined by the platform. Bug: 303522222 Test: ls -z /dev/hidraw0 Change-Id: I1a53405c7b6f12d6318a7808fa2cb61e02696cba Merged-In: I1a53405c7b6f12d6318a7808fa2cb61e02696cba (cherry picked from commit f6ee9c4b50f8709e4c1c7e5ef82d93a88a57e460) --- legacy/whitechapel_pro/device.te | 3 --- legacy/whitechapel_pro/file_contexts | 3 --- 2 files changed, 6 deletions(-) diff --git a/legacy/whitechapel_pro/device.te b/legacy/whitechapel_pro/device.te index bf6f21c..7d31940 100644 --- a/legacy/whitechapel_pro/device.te +++ b/legacy/whitechapel_pro/device.te @@ -2,6 +2,3 @@ type sg_device, dev_type; type vendor_toe_device, dev_type; type lwis_device, dev_type; type rls_device, dev_type; - -# Raw HID device -type hidraw_device, dev_type; diff --git a/legacy/whitechapel_pro/file_contexts b/legacy/whitechapel_pro/file_contexts index a9901c0..f0570fd 100644 --- a/legacy/whitechapel_pro/file_contexts +++ b/legacy/whitechapel_pro/file_contexts @@ -48,6 +48,3 @@ # Persist /mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 - -# Raw HID device -/dev/hidraw[0-9]* u:object_r:hidraw_device:s0 From eacc300b82d99df5c1eca152d76399608489eba7 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 4 Dec 2023 08:47:47 +0000 Subject: [PATCH 130/321] Update error on ROM 11172478 Bug: 314719343 Bug: 314719241 Test: SELinuxUncheckedDenialBootTest Change-Id: If691fb512b2749ff3e49ca5c766c1e7dc30970a9 --- tracking_denials/aocd.te | 2 ++ tracking_denials/hal_usb_impl.te | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 tracking_denials/aocd.te create mode 100644 tracking_denials/hal_usb_impl.te diff --git a/tracking_denials/aocd.te b/tracking_denials/aocd.te new file mode 100644 index 0000000..05b7708 --- /dev/null +++ b/tracking_denials/aocd.te @@ -0,0 +1,2 @@ +# b/314719343 +dontaudit aocd sysfs_aoc:file { read }; diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te new file mode 100644 index 0000000..8af0037 --- /dev/null +++ b/tracking_denials/hal_usb_impl.te @@ -0,0 +1,2 @@ +# b/314719241 +dontaudit hal_usb_impl fwk_stats_service:service_manager { find }; From aeb8adcbc0bcd95ee91a17b31057ed7511cc781c Mon Sep 17 00:00:00 2001 From: Rios Kao Date: Mon, 4 Dec 2023 10:16:49 +0000 Subject: [PATCH 131/321] audio: move related sepolicy of audio to gs-common Test: build pass Bug: 301180586 Change-Id: I1fa6f6348da4a5fd24df328ff1f40fa80f43403a --- radio/radio.te | 2 -- 1 file changed, 2 deletions(-) diff --git a/radio/radio.te b/radio/radio.te index 00a5009..917947e 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -4,6 +4,4 @@ allow radio radio_vendor_data_file:dir rw_dir_perms; allow radio radio_vendor_data_file:file create_file_perms; allow radio vendor_ims_app:udp_socket { getattr read write setopt shutdown }; allow radio aoc_device:chr_file rw_file_perms; -allow radio hal_audio_ext_hwservice:hwservice_manager find; -binder_call(radio, hal_audio_default) allow radio scheduling_policy_service:service_manager find; From b861f8ec0f1f96654b1bfceedf41e048f5553c57 Mon Sep 17 00:00:00 2001 From: timtmlin Date: Mon, 4 Dec 2023 19:02:37 +0800 Subject: [PATCH 132/321] allow RILD to access modem status property Bug: 314133117 Test: set telephony.ril.modem_bin_status and restart modem Change-Id: Ibe3a9d6f2a5c6bcd596797131e6bbe90a4f2341a --- radio/rild.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/radio/rild.te b/radio/rild.te index 9b9cd5c..c8a826f 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -7,7 +7,7 @@ get_prop(rild, sota_prop) get_prop(rild, system_boot_reason_prop) set_prop(rild, telephony_ril_prop) -set_prop(radio, telephony_modemtype_prop) +set_prop(rild, telephony_modemtype_prop) allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; From 4d6d0adb8f7d190545e5d1137c1ed27014a0fe95 Mon Sep 17 00:00:00 2001 From: Jason Chiu Date: Thu, 30 Nov 2023 23:17:39 +0800 Subject: [PATCH 133/321] zumapro: move sepolicy related to bootctrl hal to gs-common Bug: 265063384 Change-Id: I0eaa0b798f46a32404c8d7d797b5aeceb12326a0 Signed-off-by: Jason Chiu --- legacy/zuma/vendor/device.te | 4 ---- legacy/zuma/vendor/hal_bootctl_default.te | 4 ---- vendor/file.te | 1 - vendor/file_contexts | 1 - 4 files changed, 10 deletions(-) delete mode 100644 legacy/zuma/vendor/hal_bootctl_default.te diff --git a/legacy/zuma/vendor/device.te b/legacy/zuma/vendor/device.te index 714896d..80bf3f0 100644 --- a/legacy/zuma/vendor/device.te +++ b/legacy/zuma/vendor/device.te @@ -1,6 +1,5 @@ type persist_block_device, dev_type; type custom_ab_block_device, dev_type; -type devinfo_block_device, dev_type; type mfg_data_block_device, dev_type; type ufs_internal_block_device, dev_type; type logbuffer_device, dev_type; @@ -16,6 +15,3 @@ type gcma_camera_heap_device, dmabuf_heap_device_type, dev_type; # SecureElement SPI device type st54spi_device, dev_type; - -# OTA -type sda_block_device, dev_type; diff --git a/legacy/zuma/vendor/hal_bootctl_default.te b/legacy/zuma/vendor/hal_bootctl_default.te deleted file mode 100644 index 2db4651..0000000 --- a/legacy/zuma/vendor/hal_bootctl_default.te +++ /dev/null @@ -1,4 +0,0 @@ -allow hal_bootctl_default devinfo_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sda_block_device:blk_file rw_file_perms; -allow hal_bootctl_default sysfs_ota:file rw_file_perms; -allow hal_bootctl_default tee_device:chr_file rw_file_perms; diff --git a/vendor/file.te b/vendor/file.te index b221f7b..cbe1e35 100644 --- a/vendor/file.te +++ b/vendor/file.te @@ -16,7 +16,6 @@ type sysfs_acpm_stats, sysfs_type, fs_type; type sysfs_write_leds, sysfs_type, fs_type; type sysfs_fabric, sysfs_type, fs_type; type sysfs_em_profile, sysfs_type, fs_type; -type sysfs_ota, sysfs_type, fs_type; type sysfs_ospm, sysfs_type, fs_type; # debugfs diff --git a/vendor/file_contexts b/vendor/file_contexts index a0c9639..4cf0fae 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -9,7 +9,6 @@ /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 /vendor/bin/hw/android\.hardware\.health-service\.zumapro u:object_r:hal_health_default_exec:s0 -/vendor/bin/hw/android\.hardware\.boot@1\.2-service-zumapro u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 From b8f2e8f69f4dcd685e5fa27bd64f343842b2d350 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 03:08:10 +0000 Subject: [PATCH 134/321] Remove uwb app Bug: 312143882 Change-Id: I3807a60097cae74fb40c726620ef602ebe60e23d --- legacy/zuma/vendor/uwb_vendor_app.te | 4 --- tracking_denials/certs/com_qorvo_uwb.x509.pem | 29 ------------------- tracking_denials/keys.conf | 3 -- tracking_denials/mac_permissions.xml | 3 -- tracking_denials/seapp_contexts | 3 -- 5 files changed, 42 deletions(-) delete mode 100644 legacy/zuma/vendor/uwb_vendor_app.te delete mode 100644 tracking_denials/certs/com_qorvo_uwb.x509.pem diff --git a/legacy/zuma/vendor/uwb_vendor_app.te b/legacy/zuma/vendor/uwb_vendor_app.te deleted file mode 100644 index d249d36..0000000 --- a/legacy/zuma/vendor/uwb_vendor_app.te +++ /dev/null @@ -1,4 +0,0 @@ -type uwb_vendor_app, domain; - -app_domain(uwb_vendor_app) - diff --git a/tracking_denials/certs/com_qorvo_uwb.x509.pem b/tracking_denials/certs/com_qorvo_uwb.x509.pem deleted file mode 100644 index 0e7c9ed..0000000 --- a/tracking_denials/certs/com_qorvo_uwb.x509.pem +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIF1TCCA72gAwIBAgIVALSpAFqvtr1ntTS7YgB0Y5R6WqEtMA0GCSqGSIb3DQEBCwUAMHoxCzAJ -BgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQw -EgYDVQQKEwtHb29nbGUgSW5jLjEQMA4GA1UECxMHQW5kcm9pZDEWMBQGA1UEAwwNY29tX3FvcnZv -X3V3YjAgFw0yMTA1MDQwNTAyMDlaGA8yMDUxMDUwNDA1MDIwOVowejELMAkGA1UEBhMCVVMxEzAR -BgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dvb2ds -ZSBJbmMuMRAwDgYDVQQLEwdBbmRyb2lkMRYwFAYDVQQDDA1jb21fcW9ydm9fdXdiMIICIjANBgkq -hkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyoe1/UDAyMZd5iWqaKPDKN0cCESsWBTTkuLFpzMfcTEa -IyMORaIYriuAxvWhNzidPQvvRPyw0XQbl7GZLjXLF004G5xPTXFHIdtWv/scuC53INqTerppcHeW -fP4hfJPbZMQNcDB9EHa2bhA0wPdfoJD4cz8T7sgQcbRirdR8KoiOVWYe5UTSdk0df2IbiMZav2DJ -KhFql323emi4QHoDeUMAYy35mTh5vhfJ8NrCRAUwMh0zlw6LwZw/Dr8AbzDXl4Mo6Ij2pTn3/1zW -BPNkJonvONiMvuUUDl6LnP/41qhxYSg9RBp3wBJLknmfD/hEaXxTSLdkJyF43t61sU12mDQbLu4s -ZoiQKeKMJ0VpC56gUzkpnx3pzusq+/bAlTXf8Tfqrm7nizwR/69kntNYp8iaUJnvQQzlChc2lg2X -QNzf6zShPptpPqJIgmWawH6DL8JPHgkpguWyz47dWHCLnTfp8miEZPrQkPKL13SCMYCwxmlNYNWG -gUFPX5UJfnNVH4y2gPpXssROyKQKp/ArZkWb2zURrC1RUvNFADvvFt+hb2iXXVnfVeEtKAkSdhOj -RHwXhc/EtraSMMYUeO/uhUiPmPFR0FVLxCIm6i91/xqgWhKgRN0uatornO3lSNgzk4c7b0JCncEn -iArWJ516/nqWIvEdYjcqIBDAdSx8S1sCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQU -EGKtCMO6w0UKLbAmd/laZERZZrkwHwYDVR0jBBgwFoAUEGKtCMO6w0UKLbAmd/laZERZZrkwDQYJ -KoZIhvcNAQELBQADggIBAIRowmuGiFeZdyDsbYi0iYISNW2HID4uLM3Pp8CEx5swlntJu1Z19R9t -fzzY9lvcMgdbdVJYnGrHzUGUCVqbhfDH7GxP9ybg1QUqYxi6AvZU3wrRqjoUoDw7HlecNBXFZI6z -0f2J3XSzST3kq5lCuUaEKGHkU8jVgwqVGMcz1foLGzBXQhMgIKl966c5DWoXsLToBCXrNgDokkHe -cj9tI1ufsWrSxl5/AT0/DMjHkcBmZk78RiTcGJtSZU8YwqNIQa+U2hpDE34iy2LC6YEqMKggjCm0 -6nOBbIH0EXnrr0iBX3YJmDM8O4a9eDpI7FSjabPx9YvfQne08pNwYkExOMafibyAwt7Du0cpxNkg -NE3xeDZ+TVr+4I10HF1gKpJ+rQsBOIYVTWLKATO4TMQxLNLY9oy2gt12PcsCdkOIThX4bAHXq1eY -ulAxoA7Hba2xq/wnh2JH5VZIjz3yZBJXX/GyFeHkqv7wFRVrx4DjZC1s5uTdqDh6y8pfM49w9/Zp -BKtz5B+37bC9FmM+ux39MElqx+kbsITzBDtDWa2Q8onWQR0R4WHI43n1mJSvW4cdR6Xf/a1msPXh -NHc3XCJYq4WvlMuXWEGVka20LPJXIjiuU3sB088YpjAG1+roSn//CL8N9iDWHCRXy+UKElIbhWLz -lHV8gmlwBAuAx9ITcTJr ------END CERTIFICATE----- diff --git a/tracking_denials/keys.conf b/tracking_denials/keys.conf index 92b931b..56f6721 100644 --- a/tracking_denials/keys.conf +++ b/tracking_denials/keys.conf @@ -10,8 +10,5 @@ ALL : device/google/zumapro-sepolicy/tracking_denials/certs/camera_fishfood.x509 [@CAMERASERVICES] ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_google_android_apps_camera_services.x509.pem -[@UWB] -ALL : device/google/zumapro-sepolicy/tracking_denials/certs/com_qorvo_uwb.x509.pem - [@EUICCSUPPORTPIXEL] ALL : device/google/zumapro-sepolicy/tracking_denials/certs/EuiccSupportPixel.x509.pem diff --git a/tracking_denials/mac_permissions.xml b/tracking_denials/mac_permissions.xml index d469c3b..c0c0cc9 100644 --- a/tracking_denials/mac_permissions.xml +++ b/tracking_denials/mac_permissions.xml @@ -33,9 +33,6 @@ - - - diff --git a/tracking_denials/seapp_contexts b/tracking_denials/seapp_contexts index 0b048df..7c87136 100644 --- a/tracking_denials/seapp_contexts +++ b/tracking_denials/seapp_contexts @@ -7,8 +7,5 @@ user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_d # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all -# Qorvo UWB system app -user=_app isPrivApp=true seinfo=uwb name=com.qorvo.uwb.vendorservice domain=uwb_vendor_app type=uwb_vendor_data_file levelFrom=all - # CccDkTimeSyncService user=_app isPrivApp=true name=com.google.pixel.digitalkey.timesync domain=vendor_cccdktimesync_app type=app_data_file levelFrom=all From c7973bf59acc095544b90ce1fb0a51ed92eb47a8 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 30 Nov 2023 07:57:42 +0000 Subject: [PATCH 135/321] Move uwb service to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I6266383542ab6a6db6cdcd6891e79aae6f6beb41 --- legacy/whitechapel_pro/service.te | 1 - legacy/whitechapel_pro/service_contexts | 1 - vendor/service.te | 1 + vendor/service_contexts | 1 + 4 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 legacy/whitechapel_pro/service.te delete mode 100644 legacy/whitechapel_pro/service_contexts diff --git a/legacy/whitechapel_pro/service.te b/legacy/whitechapel_pro/service.te deleted file mode 100644 index 21f7c51..0000000 --- a/legacy/whitechapel_pro/service.te +++ /dev/null @@ -1 +0,0 @@ -type hal_uwb_vendor_service, service_manager_type, hal_service_type; diff --git a/legacy/whitechapel_pro/service_contexts b/legacy/whitechapel_pro/service_contexts deleted file mode 100644 index d4777d1..0000000 --- a/legacy/whitechapel_pro/service_contexts +++ /dev/null @@ -1 +0,0 @@ -hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 diff --git a/vendor/service.te b/vendor/service.te index d6c582e..b866caa 100644 --- a/vendor/service.te +++ b/vendor/service.te @@ -1,4 +1,5 @@ type hal_pixel_display_service, service_manager_type, hal_service_type; +type hal_uwb_vendor_service, service_manager_type, hal_service_type; # WLC type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; diff --git a/vendor/service_contexts b/vendor/service_contexts index 068d2d7..cc9df8e 100644 --- a/vendor/service_contexts +++ b/vendor/service_contexts @@ -1,4 +1,5 @@ vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal_fingerprint_service:s0 com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 +hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 From 94fa60cc47a9f28a47b9ab1097eeed49bc891a93 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 07:21:35 +0000 Subject: [PATCH 136/321] Move bootanim to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I194dedde82f7980520b0d5f01a2820f612365e1c --- {legacy/zuma/vendor => vendor}/bootanim.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/bootanim.te (100%) diff --git a/legacy/zuma/vendor/bootanim.te b/vendor/bootanim.te similarity index 100% rename from legacy/zuma/vendor/bootanim.te rename to vendor/bootanim.te From 106d62a9cbf6ee4bf4df31b1c0a7d48c7bcf46b5 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 08:05:16 +0000 Subject: [PATCH 137/321] Allow audioserver access /dev/snd/pcmC0D0p Bug: 264484544 Bug: 312143882 Test: make selinux_policy Change-Id: Ib0ba9d425cc3ad77e377acbb6d00c641615768fb --- {legacy/zuma/vendor => vendor}/audioserver.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/audioserver.te (100%) diff --git a/legacy/zuma/vendor/audioserver.te b/vendor/audioserver.te similarity index 100% rename from legacy/zuma/vendor/audioserver.te rename to vendor/audioserver.te From e225fb657b740a88368a096b3e6522a2e74205f9 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 08:49:01 +0000 Subject: [PATCH 138/321] Move charger_vendor from legacy to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I8a93d4306fdf62bd21a864977e6c69445314211d --- {legacy/zuma/vendor => vendor}/charger_vendor.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/charger_vendor.te (100%) diff --git a/legacy/zuma/vendor/charger_vendor.te b/vendor/charger_vendor.te similarity index 100% rename from legacy/zuma/vendor/charger_vendor.te rename to vendor/charger_vendor.te From 089c00aecc972a56f2b77e94e8b06ee127e4c599 Mon Sep 17 00:00:00 2001 From: David Drysdale Date: Tue, 5 Dec 2023 09:58:21 +0000 Subject: [PATCH 139/321] Add Secretkeeper HAL Test: VtsAidlAuthGraphSessionTest Bug: 306364873 Change-Id: Ib09cea7b41efec8b79739eeccc798e96b2b1efbd --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index a0c9639..a928034 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -24,6 +24,7 @@ /vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 /vendor/bin/chre u:object_r:chre_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 /vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 From ffebd92814f98f7c13357b398b0608554f1a0c8f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 10:16:05 +0000 Subject: [PATCH 140/321] Move chre from legacy to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I8a83e5fb4ec042a278ca381e2db9e3ce9f6344aa --- {legacy/zuma/vendor => vendor}/chre.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/chre.te (100%) diff --git a/legacy/zuma/vendor/chre.te b/vendor/chre.te similarity index 100% rename from legacy/zuma/vendor/chre.te rename to vendor/chre.te From 0090cdb91231008e3defd63a1566874d660a1add Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 10:52:49 +0000 Subject: [PATCH 141/321] Move con_monitor_app from legacy to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I37a4d1e496d8c2a89506e712a01a66124f672c56 --- {legacy/zuma/vendor => vendor}/con_monitor_app.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/con_monitor_app.te (100%) diff --git a/legacy/zuma/vendor/con_monitor_app.te b/vendor/con_monitor_app.te similarity index 100% rename from legacy/zuma/vendor/con_monitor_app.te rename to vendor/con_monitor_app.te From 210b1492bf48d2d668fb9ad804341e957ab0a6cf Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 11:10:51 +0000 Subject: [PATCH 142/321] Move dump_gsa to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I090d7e1bb0b69aa2d06b19c7d71998498a490e7f --- {legacy/zuma/vendor => vendor}/dump_gsa.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/dump_gsa.te (100%) diff --git a/legacy/zuma/vendor/dump_gsa.te b/vendor/dump_gsa.te similarity index 100% rename from legacy/zuma/vendor/dump_gsa.te rename to vendor/dump_gsa.te From 007718bd55466753aea67e9d92468555f087769c Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 11:14:52 +0000 Subject: [PATCH 143/321] Move dumpstate to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I9f1a46b5c4c472a1f4ab01a91b17741bfc152ca9 --- {legacy/zuma/vendor => vendor}/dumpstate.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/dumpstate.te (100%) diff --git a/legacy/zuma/vendor/dumpstate.te b/vendor/dumpstate.te similarity index 100% rename from legacy/zuma/vendor/dumpstate.te rename to vendor/dumpstate.te From 8b0e8aa04cf6f732ac645316fdc2a87221273309 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 11:23:30 +0000 Subject: [PATCH 144/321] Move e2fs to vendor Bug: 312143882 Test: make selinux_policy Change-Id: Iba2258335ffb2866624d65966e7eed9235cd889d --- {legacy/zuma/vendor => vendor}/e2fs.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/e2fs.te (100%) diff --git a/legacy/zuma/vendor/e2fs.te b/vendor/e2fs.te similarity index 100% rename from legacy/zuma/vendor/e2fs.te rename to vendor/e2fs.te From 5ab436f824c89d0a88fe7515e220680a76d6dc0a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 5 Dec 2023 11:29:51 +0000 Subject: [PATCH 145/321] Move fsck rule to vendor Bug: 312143882 Test: make selinux_policy Change-Id: I3d27f928e0c02020d0028a0449f18467ce2a4391 --- {legacy/zuma/vendor => vendor}/fsck.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/fsck.te (100%) diff --git a/legacy/zuma/vendor/fsck.te b/vendor/fsck.te similarity index 100% rename from legacy/zuma/vendor/fsck.te rename to vendor/fsck.te From 379c836acd1700d5f5308d817117435e654e0c6b Mon Sep 17 00:00:00 2001 From: virkumar Date: Tue, 5 Dec 2023 12:10:36 +0000 Subject: [PATCH 146/321] Allow pixelntnservice accessing SubscriptionManager Bug: 312575569 Test: manually check if there is any AVC denied. Change-Id: Ic366fbc2f3a58c343fa8d28f82894d798ee2b0c7 --- system_ext/private/pixelntnservice_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te index 231877b..194d6c3 100644 --- a/system_ext/private/pixelntnservice_app.te +++ b/system_ext/private/pixelntnservice_app.te @@ -2,5 +2,6 @@ typeattribute pixelntnservice_app coredomain; app_domain(pixelntnservice_app); allow pixelntnservice_app app_api_service:service_manager find; +allow pixelntnservice_app radio_service:service_manager find; set_prop(pixelntnservice_app, telephony_modem_prop) get_prop(pixelntnservice_app, telephony_modemtype_prop) From 7bb14371420f0a66b4d75e200238d572b4f4d635 Mon Sep 17 00:00:00 2001 From: Chien Kun Niu Date: Wed, 6 Dec 2023 14:22:03 +0800 Subject: [PATCH 147/321] Suppress avc error log on debugfs's usb folder. The XHCI driver in kernel will write debugging information to DebugFS on some USB host operations (for example: plugging in a USB headphone). We are not using those information right now. Bug: 311088739 Test: No error when plugging a USB headphone in. Change-Id: I3e13d117ca6eb9c31c3eb67be87fcea684817911 Signed-off-by: Chien Kun Niu --- vendor/kernel.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 vendor/kernel.te diff --git a/vendor/kernel.te b/vendor/kernel.te new file mode 100644 index 0000000..63a6f35 --- /dev/null +++ b/vendor/kernel.te @@ -0,0 +1 @@ +dontaudit kernel vendor_usb_debugfs:dir search; From 624effa7bbb8a2ebc77e5427b87b72176b54971e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 6 Dec 2023 09:14:42 +0000 Subject: [PATCH 148/321] Remove dump_wlan Bug: 312143882 Test: make selinux_policy Change-Id: I9e3cabf93c0d28a7d82ab367eff6c7daecf83131 --- legacy/zuma/vendor/dump_wlan.te | 3 --- vendor/file_contexts | 1 - 2 files changed, 4 deletions(-) delete mode 100644 legacy/zuma/vendor/dump_wlan.te diff --git a/legacy/zuma/vendor/dump_wlan.te b/legacy/zuma/vendor/dump_wlan.te deleted file mode 100644 index f743da0..0000000 --- a/legacy/zuma/vendor/dump_wlan.te +++ /dev/null @@ -1,3 +0,0 @@ -pixel_bugreport(dump_wlan) - -allow dump_wlan vendor_toolbox_exec:file execute_no_trans; diff --git a/vendor/file_contexts b/vendor/file_contexts index 4cf0fae..4c36d18 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -15,7 +15,6 @@ /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 -/vendor/bin/dump/dump_wlan\.sh u:object_r:dump_wlan_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 /vendor/bin/storageproxyd u:object_r:tee_exec:s0 From bf85d96523689a9b9e1224011a1f6732f7e29c7e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 7 Dec 2023 03:59:52 +0000 Subject: [PATCH 149/321] Add insmod-sh policy Fix: 307468923 Fix: 312372936 Test: make selinux_policy Change-Id: Icd42c4a74b44b7e593dc7c0598f3d23c3f251a2c --- legacy/zuma/vendor/insmod-sh.te | 2 -- tracking_denials/insmod-sh.te | 5 ----- vendor/insmod-sh.te | 3 +++ 3 files changed, 3 insertions(+), 7 deletions(-) delete mode 100644 legacy/zuma/vendor/insmod-sh.te delete mode 100644 tracking_denials/insmod-sh.te diff --git a/legacy/zuma/vendor/insmod-sh.te b/legacy/zuma/vendor/insmod-sh.te deleted file mode 100644 index e09c248..0000000 --- a/legacy/zuma/vendor/insmod-sh.te +++ /dev/null @@ -1,2 +0,0 @@ -allow insmod-sh self:capability sys_nice; -allow insmod-sh kernel:process setsched; diff --git a/tracking_denials/insmod-sh.te b/tracking_denials/insmod-sh.te deleted file mode 100644 index 39c4e8d..0000000 --- a/tracking_denials/insmod-sh.te +++ /dev/null @@ -1,5 +0,0 @@ -# b/307468923 -userdebug_or_eng(` - permissive insmod-sh; -')# b/312372936 -dontaudit insmod-sh insmod-sh:key { write }; diff --git a/vendor/insmod-sh.te b/vendor/insmod-sh.te index ac5adeb..2fec873 100644 --- a/vendor/insmod-sh.te +++ b/vendor/insmod-sh.te @@ -1 +1,4 @@ +allow insmod-sh self:capability sys_nice; +allow insmod-sh kernel:process setsched; allow insmod-sh vendor_regmap_debugfs:dir search; +dontaudit insmod-sh insmod-sh:key write; From 32d3293bfacdfe49e716cc64aabd91d08e76c986 Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Thu, 7 Dec 2023 10:04:10 +0000 Subject: [PATCH 150/321] Remove tee tracking denial Bug: 312894027 Bug: 314052376 Test: avc denials not found on boot: see b/312894027 Change-Id: I20c42056948f805e3eb7c6087cf7fde863f78d4e Signed-off-by: Donnie Pollitz --- tracking_denials/tee.te | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 tracking_denials/tee.te diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te deleted file mode 100644 index c723053..0000000 --- a/tracking_denials/tee.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/314052376 -dontaudit tee tee_userdata_block_device:blk_file { read write }; From 5fcda36d97ad6a362901b74bd65c7857dfa0c533 Mon Sep 17 00:00:00 2001 From: Hasan Awais Date: Fri, 8 Dec 2023 09:15:11 -0800 Subject: [PATCH 151/321] Remove hal_uwb_default tracking denial Bug: 307468767 Test: avc denials not found with UWB HAL Change-Id: I2fb9f261d7ae21834acbaaf80dbab8a5ab41aa75 Signed-off-by: Hasan Awais --- tracking_denials/hal_uwb_default.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/hal_uwb_default.te diff --git a/tracking_denials/hal_uwb_default.te b/tracking_denials/hal_uwb_default.te deleted file mode 100644 index 7fe8be8..0000000 --- a/tracking_denials/hal_uwb_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468767 -userdebug_or_eng(` - permissive hal_uwb_default; -') \ No newline at end of file From f2df883237ac1f9f740f0552f1aa134531aad9ad Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 11 Dec 2023 02:37:49 +0000 Subject: [PATCH 152/321] Update error on ROM 11189630 Bug: 315105050 Test: SELinuxUncheckedDenialBootTest Change-Id: I41998d0c1a7dc153372692a6a0d0559299ae90d3 --- tracking_denials/hal_radioext_default.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/hal_radioext_default.te diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te new file mode 100644 index 0000000..7ea2914 --- /dev/null +++ b/tracking_denials/hal_radioext_default.te @@ -0,0 +1,2 @@ +# b/315105050 +dontaudit hal_radioext_default radio_vendor_data_file:file { ioctl }; From 42505b525778eb6ac1cda388f4ce7d595ba01293 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 11 Dec 2023 04:05:14 +0000 Subject: [PATCH 153/321] Enforce kernel Fix: 307468756 Test: boot and no related avc error Change-Id: I284531a465cbeb264a04613aa0534cdb7f16dae2 --- tracking_denials/kernel.te | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 3dda63e..7a36039 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,5 +1,2 @@ -# b/307468756 -userdebug_or_eng(` - permissive kernel; -')# b/308381222 +# b/308381222 dontaudit kernel kernel:capability { net_bind_service }; From 7ebbc9cc66f5bf2b7922ba735d01ee0468dcb76f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 11 Dec 2023 03:55:10 +0000 Subject: [PATCH 154/321] Enforce network_stack Fix: 307468731 Test: make selinux_policy Change-Id: I4ddea23199ea7c595d1ba22c8a33aca899275930 --- tracking_denials/network_stack.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/network_stack.te diff --git a/tracking_denials/network_stack.te b/tracking_denials/network_stack.te deleted file mode 100644 index f3a9939..0000000 --- a/tracking_denials/network_stack.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468731 -userdebug_or_eng(` - permissive network_stack; -') \ No newline at end of file From cd447908ec05733288c6413b0b140b4207879659 Mon Sep 17 00:00:00 2001 From: Aaron Tsai Date: Thu, 21 Sep 2023 03:13:42 +0000 Subject: [PATCH 155/321] Add permission for setting gril property 08-23 16:41:13.524 1 1 I auditd : type=1107 audit(0.0:404): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=vendor.gril.recovery.count pid=1024 uid=1001 gid=1001 scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=1' Bug: 203824024 Test: manual test Change-Id: I0bc67815fde6651e54ea422e5fd3622846bb3c56 --- radio/hal_radioext_default.te | 1 + radio/property.te | 1 + radio/property_contexts | 3 +++ 3 files changed, 5 insertions(+) diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te index 6e17e19..fddd5aa 100644 --- a/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -4,6 +4,7 @@ init_daemon_domain(hal_radioext_default) hwbinder_use(hal_radioext_default) get_prop(hal_radioext_default, hwservicemanager_prop) +set_prop(hal_radioext_default, vendor_gril_prop) add_hwservice(hal_radioext_default, hal_radioext_hwservice) binder_call(hal_radioext_default, servicemanager) diff --git a/radio/property.te b/radio/property.te index 16ccefc..4a2cc46 100644 --- a/radio/property.te +++ b/radio/property.te @@ -6,6 +6,7 @@ vendor_internal_prop(vendor_persist_config_default_prop) vendor_internal_prop(vendor_diag_prop) vendor_internal_prop(vendor_modem_prop) vendor_internal_prop(vendor_rild_prop) +vendor_internal_prop(vendor_gril_prop) vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_imssvc_prop) diff --git a/radio/property_contexts b/radio/property_contexts index 0cad5bc..3f2c917 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -38,6 +38,9 @@ vendor.sys.rild_reset u:object_r:vendor_rild_prop:s0 persist.vendor.radio. u:object_r:vendor_rild_prop:s0 ro.vendor.config.build_carrier u:object_r:vendor_carrier_prop:s0 +# for GRIL +vendor.gril. u:object_r:vendor_gril_prop:s0 + # SSR Detector vendor.debug.ssrdump. u:object_r:vendor_ssrdump_prop:s0 persist.vendor.sys.ssr. u:object_r:vendor_ssrdump_prop:s0 From a74a2a8c467c9d552125b7a1f313f429043045ec Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 14 Dec 2023 02:44:03 +0000 Subject: [PATCH 156/321] Update error on ROM 11213495 Bug: 316238807 Test: SELinuxUncheckedDenialBootTest Change-Id: I07a1655ea915c3a189d6f0e2b2460c8f30db6c01 --- tracking_denials/hal_power_stats_default.te | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te index e4bd5df..dd6575a 100644 --- a/tracking_denials/hal_power_stats_default.te +++ b/tracking_denials/hal_power_stats_default.te @@ -1,4 +1,8 @@ # b/307468729 userdebug_or_eng(` permissive hal_power_stats_default; -') \ No newline at end of file +')# b/316238807 +dontaudit hal_power_stats_default sysfs_edgetpu:dir { search }; +dontaudit hal_power_stats_default sysfs_edgetpu:file { getattr }; +dontaudit hal_power_stats_default sysfs_edgetpu:file { open }; +dontaudit hal_power_stats_default sysfs_edgetpu:file { read }; From a7c90de7405702506b7f7593705c9f444412dba8 Mon Sep 17 00:00:00 2001 From: chenkris Date: Mon, 11 Dec 2023 03:45:16 +0000 Subject: [PATCH 157/321] fingerprint: fix SELinux denials Fix following AVC denials: 1. Could not enable service: File /vendor/bin/hw/android.hardware.biometrics.fingerprint-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined 2. Could not start service 'vendor.fps_hal' as part of class 'late_start': File /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. 3. avc: denied { ioctl } for path="/dev/goodix_fp" dev="tmpfs" ino=1499 ioctlcmd=0x6701 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=1 Bug: 315737323 Test: boot with no relevant error Change-Id: Ideeac108b8470232a258254437086451550fcc8d --- vendor/file_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index daf8956..9d12c9a 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -25,6 +25,8 @@ /vendor/bin/hw/android\.hardware\.security\.secretkeeper\.trusty u:object_r:hal_secretkeeper_default_exec:s0 /vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 /vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 # Vendor libraries /vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0 @@ -153,6 +155,7 @@ /dev/dma_heap/gcma_camera-uncached u:object_r:gcma_camera_heap_device:s0 /dev/qbt_ipc u:object_r:fingerprint_device:s0 /dev/qbt_fd u:object_r:fingerprint_device:s0 +/dev/goodix_fp u:object_r:fingerprint_device:s0 # Data /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 From d728e700c59ea990980565901693745b61e24451 Mon Sep 17 00:00:00 2001 From: Chien Kun Niu Date: Fri, 15 Dec 2023 17:43:39 +0800 Subject: [PATCH 158/321] Remove dontaudit hal_usb_impl The log does not show anymore. 12-04 08:13:49.098 415 415 I auditd : avc: denied { find } for pid=841 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=0 Bug: 314719241 Test: SELinuxUncheckedDenialBootTest Change-Id: I969dd0cb4d98b14253c74379fed59ac4748c1a5e Signed-off-by: Chien Kun Niu --- tracking_denials/hal_usb_impl.te | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 tracking_denials/hal_usb_impl.te diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te deleted file mode 100644 index 8af0037..0000000 --- a/tracking_denials/hal_usb_impl.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/314719241 -dontaudit hal_usb_impl fwk_stats_service:service_manager { find }; From 3d57d2da26c487a7ba8a096cee5e08a598f2992e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 18 Dec 2023 04:30:35 +0000 Subject: [PATCH 159/321] Enforce vendor_init and allow tee and display access Fix: 307468733 Fix: 308381748 Fix: 312372803 Test: make selinux_policy Change-Id: Ic9c987e34bf8337e9a743371a00fd910442fab10 --- tracking_denials/vendor_init.te | 8 -------- vendor/vendor_init.te | 3 ++- 2 files changed, 2 insertions(+), 9 deletions(-) delete mode 100644 tracking_denials/vendor_init.te diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te deleted file mode 100644 index ff8d2b9..0000000 --- a/tracking_denials/vendor_init.te +++ /dev/null @@ -1,8 +0,0 @@ -# b/307468733 -userdebug_or_eng(` - permissive vendor_init; -')# b/308381748 -dontaudit vendor_init debugfs_trace_marker:file { getattr }; -dontaudit vendor_init default_prop:property_service { set }; -# b/312372803 -dontaudit vendor_init tee_data_file:lnk_file { read }; diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 8bb8ad3..a732da8 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -1,3 +1,4 @@ # USB property set_prop(vendor_init, vendor_usb_config_prop) - +set_prop(vendor_init, vendor_display_prop) +allow vendor_init tee_data_file:lnk_file read; From c8be909cd16179e8b2aec22ee8e838a53a25603e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 18 Dec 2023 04:48:14 +0000 Subject: [PATCH 160/321] Enforce system_server Fix: 307468690 Fix: 308381611 Test: make selinux_policy Change-Id: Ie5044b8b18077d4077b7c6c8a16544498368a7d2 --- tracking_denials/system_server.te | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 tracking_denials/system_server.te diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te deleted file mode 100644 index 837b5f8..0000000 --- a/tracking_denials/system_server.te +++ /dev/null @@ -1,5 +0,0 @@ -# b/307468690 -userdebug_or_eng(` - permissive system_server; -')# b/308381611 -dontaudit system_server vendor_public_lib_file:dir { search }; From cbfa33fd9204bc520ec4b3a233e9daaefe7e860e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 18 Dec 2023 07:44:07 +0000 Subject: [PATCH 161/321] Move kernel from legacy to vendor Bug: 312143882 Test: make sepolicy Change-Id: I2ceb675b124aeeca2d94dd9c6095f0026df5a4bf --- legacy/zuma/vendor/kernel.te | 15 --------------- vendor/kernel.te | 15 +++++++++++++++ 2 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 legacy/zuma/vendor/kernel.te diff --git a/legacy/zuma/vendor/kernel.te b/legacy/zuma/vendor/kernel.te deleted file mode 100644 index 0f2e18e..0000000 --- a/legacy/zuma/vendor/kernel.te +++ /dev/null @@ -1,15 +0,0 @@ -allow kernel vendor_fw_file:dir search; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -allow kernel vendor_regmap_debugfs:dir search; diff --git a/vendor/kernel.te b/vendor/kernel.te index 63a6f35..edebca6 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -1 +1,16 @@ dontaudit kernel vendor_usb_debugfs:dir search; +allow kernel vendor_fw_file:dir r_file_perms; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; + allow kernel vendor_regmap_debugfs:dir search; +') + From 38c42d88ac44acc81dd101913b91142852fb8720 Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Mon, 18 Dec 2023 16:29:20 +0800 Subject: [PATCH 162/321] sepolicy: allow hal_power_stats to read sysfs_edgetpu Bug: 316238807 Test: dumpsys android.hardware.power.stats.IPowerStats/default Change-Id: I5b146cf8bf6fc7b6d135a38a568b016d1e125f2a Signed-off-by: Darren Hsu --- tracking_denials/hal_power_stats_default.te | 6 +----- {legacy/zuma/vendor => vendor}/hal_power_stats_default.te | 1 + 2 files changed, 2 insertions(+), 5 deletions(-) rename {legacy/zuma/vendor => vendor}/hal_power_stats_default.te (94%) diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te index dd6575a..c9b6e73 100644 --- a/tracking_denials/hal_power_stats_default.te +++ b/tracking_denials/hal_power_stats_default.te @@ -1,8 +1,4 @@ # b/307468729 userdebug_or_eng(` permissive hal_power_stats_default; -')# b/316238807 -dontaudit hal_power_stats_default sysfs_edgetpu:dir { search }; -dontaudit hal_power_stats_default sysfs_edgetpu:file { getattr }; -dontaudit hal_power_stats_default sysfs_edgetpu:file { open }; -dontaudit hal_power_stats_default sysfs_edgetpu:file { read }; +') diff --git a/legacy/zuma/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te similarity index 94% rename from legacy/zuma/vendor/hal_power_stats_default.te rename to vendor/hal_power_stats_default.te index 2845a0a..012debc 100644 --- a/legacy/zuma/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -3,6 +3,7 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) +r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) r_dir_file(hal_power_stats_default, sysfs_odpm) From 20689064e30a79454b312bcb1f92d256216f4fda Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 19 Dec 2023 06:03:26 +0000 Subject: [PATCH 163/321] Update error on ROM 11230529 Bug: 316989074 Bug: 316989258 Test: SELinuxUncheckedDenialBootTest Change-Id: I4a1f615e129ee3a3c2c9a1545ea15bc9ebc246ec --- tracking_denials/hal_usb_impl.te | 2 ++ tracking_denials/pixelntnservice_app.te | 2 ++ 2 files changed, 4 insertions(+) create mode 100644 tracking_denials/hal_usb_impl.te create mode 100644 tracking_denials/pixelntnservice_app.te diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te new file mode 100644 index 0000000..79f688d --- /dev/null +++ b/tracking_denials/hal_usb_impl.te @@ -0,0 +1,2 @@ +# b/316989074 +dontaudit hal_usb_impl fwk_stats_service:service_manager { find }; diff --git a/tracking_denials/pixelntnservice_app.te b/tracking_denials/pixelntnservice_app.te new file mode 100644 index 0000000..bdc1ec9 --- /dev/null +++ b/tracking_denials/pixelntnservice_app.te @@ -0,0 +1,2 @@ +# b/316989258 +dontaudit pixelntnservice_app radio_service:service_manager { find }; From 62184e79531e5aa4d6873362dd0c502cd53a62b4 Mon Sep 17 00:00:00 2001 From: Chi Zhang Date: Wed, 29 Nov 2023 16:35:18 -0800 Subject: [PATCH 164/321] Allow GRIL to get power stats. SELinux : avc: denied { find } for pid=3147 uid=10219 name=android.hardware.power.stats.IPowerStats/default scontext=u:r:grilservice_app:s0:c219,c256,c512,c768 tcontext=u:object_r:hal_power_stats_service:s0 tclass=service_manager permissive=1 Bug: 286187143 Test: build and boot Change-Id: I42c78a68a145c4f390e43c457a241b7c8db577bf --- radio/grilservice_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te index 2525bab..251fe1b 100644 --- a/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -15,3 +15,4 @@ binder_call(grilservice_app, hal_radioext_default) binder_call(grilservice_app, hal_wifi_ext) binder_call(grilservice_app, hal_audiometricext_default) binder_call(grilservice_app, rild) +hal_client_domain(grilservice_app, hal_power_stats) From 58f2081f97200a346fdde8ee2425adb17560bdc9 Mon Sep 17 00:00:00 2001 From: Zheng Pan Date: Wed, 20 Dec 2023 02:32:04 +0000 Subject: [PATCH 165/321] Revert "Move kernel from legacy to vendor" This reverts commit cbfa33fd9204bc520ec4b3a233e9daaefe7e860e. Reason for revert: b/317131577 Change-Id: Iafd9dc574c59f627b049ad7a955173d562d1444e --- legacy/zuma/vendor/kernel.te | 15 +++++++++++++++ vendor/kernel.te | 15 --------------- 2 files changed, 15 insertions(+), 15 deletions(-) create mode 100644 legacy/zuma/vendor/kernel.te diff --git a/legacy/zuma/vendor/kernel.te b/legacy/zuma/vendor/kernel.te new file mode 100644 index 0000000..0f2e18e --- /dev/null +++ b/legacy/zuma/vendor/kernel.te @@ -0,0 +1,15 @@ +allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +allow kernel vendor_regmap_debugfs:dir search; diff --git a/vendor/kernel.te b/vendor/kernel.te index edebca6..63a6f35 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -1,16 +1 @@ dontaudit kernel vendor_usb_debugfs:dir search; -allow kernel vendor_fw_file:dir r_file_perms; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; - allow kernel vendor_regmap_debugfs:dir search; -') - From 14ca9862d269cf3854f842bd4c18b134a2b7637d Mon Sep 17 00:00:00 2001 From: Chien Kun Niu Date: Tue, 19 Dec 2023 16:42:35 +0800 Subject: [PATCH 166/321] hal_usb_impl: allow fwk_stats_service 12-18 11:12:58.401 443 443 I auditd : avc: denied { find } for pid=865 uid=1000 name=android.frameworks.stats.IStats/default scontext=u:r:hal_usb_impl:s0 tcontext=u:object_r:fwk_stats_service:s0 tclass=service_manager permissive=0 Bug: 316989074 Change-Id: I74867901f513926379cd2ba35140a5ccb582467f Signed-off-by: Chien Kun Niu --- tracking_denials/hal_usb_impl.te | 2 -- vendor/hal_usb_impl.te | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) delete mode 100644 tracking_denials/hal_usb_impl.te diff --git a/tracking_denials/hal_usb_impl.te b/tracking_denials/hal_usb_impl.te deleted file mode 100644 index 79f688d..0000000 --- a/tracking_denials/hal_usb_impl.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/316989074 -dontaudit hal_usb_impl fwk_stats_service:service_manager { find }; diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index ff8ea5a..4ab9fbc 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -15,3 +15,6 @@ wakelock_use(hal_usb_impl); # For interfacing with ThermalHAL hal_client_domain(hal_usb_impl, hal_thermal); + +# Needed for reporting Usb Overheat suez event through statsd +allow hal_usb_impl fwk_stats_service:service_manager find; From df72029b33e6470e79dac8a3522fb7eded5495fd Mon Sep 17 00:00:00 2001 From: Lei Ju Date: Wed, 20 Dec 2023 11:47:21 -0800 Subject: [PATCH 167/321] [zumapro] Remove duplicated file context settings for chre HAL Bug: 248615564 Test: compilation Change-Id: If21138ee1f85e1832ff3bf9a6d8dc16206f3b0ed --- vendor/file_contexts | 1 - 1 file changed, 1 deletion(-) diff --git a/vendor/file_contexts b/vendor/file_contexts index 9d12c9a..8d003a5 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -13,7 +13,6 @@ /vendor/bin/hw/android\.hardware\.secure_element-service\.thales u:object_r:hal_secure_element_st54spi_aidl_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element-service.uicc u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@2\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/dump/dump_gsa\.sh u:object_r:dump_gsa_exec:s0 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 From fb17bd5b94ce84cca57d5e7a479aa18eda26d132 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 21 Dec 2023 07:30:09 +0000 Subject: [PATCH 168/321] Update error on ROM 11240525 Bug: 317315498 Bug: 317316031 Test: SELinuxUncheckedDenialBootTest Change-Id: I9739736d2f5399e9a4d88f8923f095fa223610ff --- tracking_denials/system_server.te | 2 ++ tracking_denials/vendor_init.te | 3 +++ 2 files changed, 5 insertions(+) create mode 100644 tracking_denials/system_server.te create mode 100644 tracking_denials/vendor_init.te diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te new file mode 100644 index 0000000..3c9fb6b --- /dev/null +++ b/tracking_denials/system_server.te @@ -0,0 +1,2 @@ +# b/317315498 +dontaudit system_server vendor_public_lib_file:dir { search }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te new file mode 100644 index 0000000..68d49ee --- /dev/null +++ b/tracking_denials/vendor_init.te @@ -0,0 +1,3 @@ +# b/317316031 +dontaudit vendor_init debugfs_trace_marker:file { getattr }; +dontaudit vendor_init default_prop:property_service { set }; From 3c5bb2ab43c318a5ee908c92d9350ba1e2196f78 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Thu, 21 Dec 2023 11:21:36 +0000 Subject: [PATCH 169/321] Allow systemui_app access statsmanager_service Bug: 283841311 Bug: 308381668 Fix: 308381668 Test: make sepolicy Change-Id: I71888ee14637ab10d983709a4c74d8186d77d4bd --- private/systemui_app.te | 2 -- system_ext/private/systemui_app.te | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/private/systemui_app.te b/private/systemui_app.te index cfd0862..8b13789 100644 --- a/private/systemui_app.te +++ b/private/systemui_app.te @@ -1,3 +1 @@ -# b/308381668 -dontaudit systemui_app statsmanager_service:service_manager { find }; diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te index c34c911..741d49f 100644 --- a/system_ext/private/systemui_app.te +++ b/system_ext/private/systemui_app.te @@ -11,6 +11,7 @@ allow systemui_app mediaextractor_service:service_manager find; allow systemui_app mediametrics_service:service_manager find; allow systemui_app radio_service:service_manager find; allow systemui_app vr_manager_service:service_manager find; +allow systemui_app statsmanager_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) set_prop(systemui_app, bootanim_system_prop) From 83346b954be809b81346848935ba246233110b26 Mon Sep 17 00:00:00 2001 From: Randall Huang Date: Tue, 26 Dec 2023 10:53:43 +0800 Subject: [PATCH 170/321] storage: remove pixelstats_vendor tracking_denials Bug: 307468925 Test: pixel/022 Change-Id: I7a1b29e0087cc500db9f7e824b3bda5c68d93d8f Signed-off-by: Randall Huang --- tracking_denials/pixelstats_vendor.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/pixelstats_vendor.te diff --git a/tracking_denials/pixelstats_vendor.te b/tracking_denials/pixelstats_vendor.te deleted file mode 100644 index 78c5c53..0000000 --- a/tracking_denials/pixelstats_vendor.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468925 -userdebug_or_eng(` - permissive pixelstats_vendor; -') \ No newline at end of file From 1fe9320c5c0fa2c68116e76f280d610ec9f283cc Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 03:42:52 +0000 Subject: [PATCH 171/321] Update error on ROM 11253256 Bug: 317735109 Test: SELinuxUncheckedDenialBootTest Change-Id: I86d5ab2ac42b2014eeffe704ed695112ca6fdce8 --- tracking_denials/rfsd.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/rfsd.te diff --git a/tracking_denials/rfsd.te b/tracking_denials/rfsd.te new file mode 100644 index 0000000..c3073fb --- /dev/null +++ b/tracking_denials/rfsd.te @@ -0,0 +1,2 @@ +# b/317735109 +dontaudit rfsd vendor_cbd_prop:file { read }; From d4ef02f267701b12a9d05e89343c1ded20e0e9b9 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 09:07:40 +0000 Subject: [PATCH 172/321] Update error on ROM 11254151 Bug: 317754250 Bug: 317753346 Bug: 317754251 Test: SELinuxUncheckedDenialBootTest Change-Id: I4b139e37942093efe413c78bcf4ccc777c50d371 --- tracking_denials/hal_graphics_composer_default.te | 2 ++ tracking_denials/system_server.te | 2 ++ tracking_denials/vendor_init.te | 2 ++ 3 files changed, 6 insertions(+) create mode 100644 tracking_denials/hal_graphics_composer_default.te diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te new file mode 100644 index 0000000..a2a9620 --- /dev/null +++ b/tracking_denials/hal_graphics_composer_default.te @@ -0,0 +1,2 @@ +# b/317754250 +dontaudit hal_graphics_composer_default vendor_default_prop:property_service { set }; diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te index 3c9fb6b..b90fa6d 100644 --- a/tracking_denials/system_server.te +++ b/tracking_denials/system_server.te @@ -1,2 +1,4 @@ # b/317315498 dontaudit system_server vendor_public_lib_file:dir { search }; +# b/317753346 +dontaudit system_server sysfs:file { read }; diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index 68d49ee..a006e27 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -1,3 +1,5 @@ # b/317316031 dontaudit vendor_init debugfs_trace_marker:file { getattr }; dontaudit vendor_init default_prop:property_service { set }; +# b/317754251 +dontaudit vendor_init vendor_camera_debug_prop:property_service { set }; From d6744d5856cfea35cd03d87cca91f2ea4a328ab3 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 17:34:47 +0800 Subject: [PATCH 173/321] label Extcon files Fix: 317753346 Test: Boot with target files labeled correctly Change-Id: I9941ec615c21a16f2235b6abfd8b3e62a0d913b2 --- tracking_denials/system_server.te | 2 -- vendor/genfs_contexts | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tracking_denials/system_server.te b/tracking_denials/system_server.te index b90fa6d..3c9fb6b 100644 --- a/tracking_denials/system_server.te +++ b/tracking_denials/system_server.te @@ -1,4 +1,2 @@ # b/317315498 dontaudit system_server vendor_public_lib_file:dir { search }; -# b/317753346 -dontaudit system_server sysfs:file { read }; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a719d1a..07a6809 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -308,3 +308,7 @@ genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:ob # OTA genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 + +# Extcon +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon u:object_r:sysfs_extcon:s0 + From 2dad12b04189ebcdd976bd0f80954091de877711 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 19:21:42 +0800 Subject: [PATCH 174/321] Enforce sysUI Fix: 307468867 Test: boot-to-home Change-Id: Ie6d28c523e905bc850ab8ce0fe22fd51b762bb80 --- tracking_denials/systemui_app.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/systemui_app.te diff --git a/tracking_denials/systemui_app.te b/tracking_denials/systemui_app.te deleted file mode 100644 index 9b32ff4..0000000 --- a/tracking_denials/systemui_app.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468867 -userdebug_or_eng(` - permissive systemui_app; -') From 050406d4bc922f2e432c2619d7d700f1e782700f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 21:31:48 +0800 Subject: [PATCH 175/321] Enforce servicemanager Fix: 307468945 Test: make sepolicy Change-Id: I2bad0fcac1d7a6388fb9790bcc9fcbe4cdb31a4a --- tracking_denials/servicemanager.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/servicemanager.te diff --git a/tracking_denials/servicemanager.te b/tracking_denials/servicemanager.te deleted file mode 100644 index 9e0515b..0000000 --- a/tracking_denials/servicemanager.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468945 -userdebug_or_eng(` - permissive servicemanager; -') \ No newline at end of file From 744d309e44344f0c825f78ad5b87c256384cff77 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 20:07:20 +0800 Subject: [PATCH 176/321] Add wakeup node Fix: 308381292 Test: make sepolicy Change-Id: I32a45a3b862ffbe9f53f88ca97bdad52e5678931 --- tracking_denials/system_suspend.te | 16 ---------------- vendor/genfs_contexts | 8 ++++++++ 2 files changed, 8 insertions(+), 16 deletions(-) delete mode 100644 tracking_denials/system_suspend.te diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te deleted file mode 100644 index 006eb47..0000000 --- a/tracking_denials/system_suspend.te +++ /dev/null @@ -1,16 +0,0 @@ -# b/308381292 -dontaudit system_suspend_server sysfs:dir { open }; -dontaudit system_suspend_server sysfs:dir { read }; -dontaudit system_suspend_server sysfs:file { getattr }; -dontaudit system_suspend_server sysfs:file { open }; -dontaudit system_suspend_server sysfs:file { read }; -dontaudit system_suspend_server sysfs_batteryinfo:dir { open }; -dontaudit system_suspend_server sysfs_batteryinfo:dir { read }; -dontaudit system_suspend_server sysfs_batteryinfo:file { getattr }; -dontaudit system_suspend_server sysfs_batteryinfo:file { open }; -dontaudit system_suspend_server sysfs_batteryinfo:file { read }; -dontaudit system_suspend_server sysfs_wlc:dir { open }; -dontaudit system_suspend_server sysfs_wlc:dir { read }; -dontaudit system_suspend_server sysfs_wlc:file { getattr }; -dontaudit system_suspend_server sysfs_wlc:file { open }; -dontaudit system_suspend_server sysfs_wlc:file { read }; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index a719d1a..117edda 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -53,12 +53,19 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 @@ -77,6 +84,7 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 From 2b70f82f1d1a1a5ee035cce91f568da87c29fa7f Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 20:39:25 +0800 Subject: [PATCH 177/321] Move kernel from legacy to vendor Bug: 312143882 Test: make sepolicy Change-Id: I01b192c7d60cda8e52f6a3fffd5e0dec7a660172 --- legacy/zuma/vendor/kernel.te | 15 --------------- vendor/kernel.te | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 15 deletions(-) delete mode 100644 legacy/zuma/vendor/kernel.te diff --git a/legacy/zuma/vendor/kernel.te b/legacy/zuma/vendor/kernel.te deleted file mode 100644 index 0f2e18e..0000000 --- a/legacy/zuma/vendor/kernel.te +++ /dev/null @@ -1,15 +0,0 @@ -allow kernel vendor_fw_file:dir search; -allow kernel vendor_fw_file:file r_file_perms; - -# ZRam -allow kernel per_boot_file:file r_file_perms; - -# memlat needs permision to create/delete perf events when hotplug on/off -allow kernel self:capability2 perfmon; -allow kernel self:perf_event cpu; - -no_debugfs_restriction(` - allow kernel vendor_battery_debugfs:dir search; -') - -allow kernel vendor_regmap_debugfs:dir search; diff --git a/vendor/kernel.te b/vendor/kernel.te index 63a6f35..e4f65cd 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -1 +1,17 @@ +allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:file r_file_perms; + +# ZRam +allow kernel per_boot_file:file r_file_perms; + +# memlat needs permision to create/delete perf events when hotplug on/off +allow kernel self:capability2 perfmon; +allow kernel self:perf_event cpu; + +no_debugfs_restriction(` + allow kernel vendor_battery_debugfs:dir search; +') + +allow kernel vendor_regmap_debugfs:dir search; + dontaudit kernel vendor_usb_debugfs:dir search; From 83457991664c9a6efb052c2541be3048939bd40e Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 20:40:49 +0800 Subject: [PATCH 178/321] Add kernel vendor_fw_file dir read permission Fix: 288049349 Change-Id: I76751deb04e5b6a4362917c76764cddc74d0f76d --- vendor/kernel.te | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/kernel.te b/vendor/kernel.te index e4f65cd..ac9c987 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -1,4 +1,4 @@ -allow kernel vendor_fw_file:dir search; +allow kernel vendor_fw_file:dir r_dir_perms; allow kernel vendor_fw_file:file r_file_perms; # ZRam From 4cad299072a644bbce5681949bb79569bc738f9d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 26 Dec 2023 19:14:49 +0800 Subject: [PATCH 179/321] Allow systemui to write protolog file This is enabled on debuggable builds only, includes - Grant mlstrustedsubject typeattribute to wm_trace_data_file - Grant systemui the write access to wm_trace_data_file Bug: 251513116 Bug: 288049075 Test: make sepolicy Change-Id: I47c9bbf13835b2e7eaac3e2b436e3b486ce02431 --- system_ext/private/systemui_app.te | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te index 741d49f..6d3d87f 100644 --- a/system_ext/private/systemui_app.te +++ b/system_ext/private/systemui_app.te @@ -16,3 +16,10 @@ allow systemui_app statsmanager_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) set_prop(systemui_app, bootanim_system_prop) get_prop(systemui_app, qemu_hw_prop) + +# Allow writing and removing wmshell protolog in /data/misc/wmtrace. +userdebug_or_eng(` + allow systemui_app wm_trace_data_file:dir rw_dir_perms; + allow systemui_app wm_trace_data_file:file create_file_perms; +') + From 415278abac244cb8ef48b8a6f1aa5678b8a04c2a Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 27 Dec 2023 13:52:31 +0800 Subject: [PATCH 180/321] Enforce fastbootd Fix: 307468887 Test: boot-to-home and flash rom Change-Id: I11427ca4d17a83c278463cc68e4935148a0d57b6 --- tracking_denials/fastbootd.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/fastbootd.te diff --git a/tracking_denials/fastbootd.te b/tracking_denials/fastbootd.te deleted file mode 100644 index 7b5497a..0000000 --- a/tracking_denials/fastbootd.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468887 -userdebug_or_eng(` - permissive fastbootd; -') \ No newline at end of file From 594b74b4474349ee453b726fd2a17d695e2e3fc7 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 27 Dec 2023 13:51:22 +0800 Subject: [PATCH 181/321] Enforce system_suspend Bug: 308381292 Test: boot-to-home Change-Id: I1c22cd8af868183afbfe567a31af6069b81eebe0 --- private/system_suspend.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 private/system_suspend.te diff --git a/private/system_suspend.te b/private/system_suspend.te deleted file mode 100644 index f126523..0000000 --- a/private/system_suspend.te +++ /dev/null @@ -1,3 +0,0 @@ -userdebug_or_eng(` - permissive system_suspend; -') From df88fd4e1cc5f3d823e814988eaef340a6ef4ebe Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 27 Dec 2023 16:41:50 +0800 Subject: [PATCH 182/321] Add dc-main wakeup node Bug: 308381292 Test: boot-to-home Change-Id: I0165b4afab3b62bf4fec4ce6864cc1e8c6fc841a --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e62033b..8bdc962 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -53,6 +53,7 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 From 720ab6329b528a0493168296bae1b32422b1235d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 29 Dec 2023 04:33:07 +0000 Subject: [PATCH 183/321] Update error on ROM 11259228 Bug: 318032188 Test: SELinuxUncheckedDenialBootTest Change-Id: I6d3f31d49cc64ee911367de6e61d5e4e1b7e280b --- tracking_denials/system_suspend.te | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 tracking_denials/system_suspend.te diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te new file mode 100644 index 0000000..e94e767 --- /dev/null +++ b/tracking_denials/system_suspend.te @@ -0,0 +1,4 @@ +# b/318032188 +dontaudit system_suspend_server sysfs:dir { read }; +dontaudit system_suspend_server sysfs_batteryinfo:dir { read }; +dontaudit system_suspend_server sysfs_wlc:dir { read }; From 2b26409d084f5d0c8fdc28119e05d2ee8c2b0ddb Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 29 Dec 2023 05:04:50 +0000 Subject: [PATCH 184/321] Update error on ROM 11260603 Bug: 318033504 Test: SELinuxUncheckedDenialBootTest Change-Id: I86190052aaaebc94f1eb7e670e1a7da312d537a3 --- tracking_denials/kernel.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 7a36039..7418850 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,2 +1,4 @@ # b/308381222 dontaudit kernel kernel:capability { net_bind_service }; +# b/318033504 +dontaudit kernel vendor_votable_debugfs:dir { search }; From cc395b9c2ba4fb917f7a0af9771c4c74695e5e95 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 2 Jan 2024 03:23:04 +0000 Subject: [PATCH 185/321] Update error on ROM 11262681 Bug: 318308344 Test: SELinuxUncheckedDenialBootTest Change-Id: Iafeb3ff1bc6ddeb93810bff26aff82399bcda679 --- tracking_denials/hal_radioext_default.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te index 7ea2914..0072f8d 100644 --- a/tracking_denials/hal_radioext_default.te +++ b/tracking_denials/hal_radioext_default.te @@ -1,2 +1,4 @@ # b/315105050 dontaudit hal_radioext_default radio_vendor_data_file:file { ioctl }; +# b/318308344 +dontaudit hal_radioext_default hal_bluetooth_coexistence_service:service_manager { find }; From 5a8206a8e40464ab0e5570556a174c7622247df2 Mon Sep 17 00:00:00 2001 From: Hung-Yeh Lee Date: Wed, 27 Dec 2023 10:58:49 +0800 Subject: [PATCH 186/321] sepolicy: add persist.vendor.primarydisplay. to vendor_display_prop Copy sepolicy from zuma to fix the following avc denied: auditd : type=1107 audit(0.0:11): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.primarydisplay.op.peak_refresh_rate pid=510 uid=1000 gid=1003 scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:vendor_default_prop:s0 tclass=property_service permissive=0' Bug: 286063708 Bug: 286063029 Bug: 317754250 Test: Run VtsHalGraphicsComposer3_TargetTest Change-Id: Ib5e83927ebebf05a640d127d9d11e94df101f224 --- tracking_denials/hal_graphics_composer_default.te | 2 -- vendor/property_contexts | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 tracking_denials/hal_graphics_composer_default.te diff --git a/tracking_denials/hal_graphics_composer_default.te b/tracking_denials/hal_graphics_composer_default.te deleted file mode 100644 index a2a9620..0000000 --- a/tracking_denials/hal_graphics_composer_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/317754250 -dontaudit hal_graphics_composer_default vendor_default_prop:property_service { set }; diff --git a/vendor/property_contexts b/vendor/property_contexts index 051c4dc..7503d57 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -24,3 +24,5 @@ vendor.battery.defender. u:object_r:vendor_battery_defender_pr # Mali GPU driver configuration and debug options vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix +# Display +persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix From 7c0879939aef5c553a985c37b8c3eae3450da2de Mon Sep 17 00:00:00 2001 From: Aaron Tsai Date: Wed, 3 Jan 2024 04:20:25 +0000 Subject: [PATCH 187/321] Fix avc denied for hal_radioext_default 01-02 03:20:32.967 421 421 I auditd : avc: denied { find } for pid=900 uid=1001 name=vendor.google.bluetooth_ext.IBTChannelAvoidance/default scontext=u:r:hal_radioext_default:s0 tcontext=u:object_r:hal_bluetooth_coexistence_service:s0 tclass=service_manager permissive=0 Bug: 318308344 Test: manual test Change-Id: Ied0dd27d86cfc4512c08a26d02499ba9b816ed78 --- radio/hal_radioext_default.te | 1 + tracking_denials/hal_radioext_default.te | 2 -- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te index fddd5aa..25cb7e5 100644 --- a/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -20,6 +20,7 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; # Twoshay binder_use(hal_radioext_default) diff --git a/tracking_denials/hal_radioext_default.te b/tracking_denials/hal_radioext_default.te index 0072f8d..7ea2914 100644 --- a/tracking_denials/hal_radioext_default.te +++ b/tracking_denials/hal_radioext_default.te @@ -1,4 +1,2 @@ # b/315105050 dontaudit hal_radioext_default radio_vendor_data_file:file { ioctl }; -# b/318308344 -dontaudit hal_radioext_default hal_bluetooth_coexistence_service:service_manager { find }; From e417775b174f3a442efa2d34a5a50575e16b0a68 Mon Sep 17 00:00:00 2001 From: guibing Date: Fri, 5 Jan 2024 21:58:20 +0000 Subject: [PATCH 188/321] zumapro: sepolicy: remove power hal denial tracker. Remove the power hal denial tracker. Add the missing devfreq related configuration. Bug: 307468758 Test: Power hal works without related avc errors. Change-Id: I038bc7701deeada4d70ef2ed17d5db64ba5b4d03 --- tracking_denials/hal_power_default.te | 6 ------ vendor/genfs_contexts | 1 + 2 files changed, 1 insertion(+), 6 deletions(-) delete mode 100644 tracking_denials/hal_power_default.te diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te deleted file mode 100644 index 269a0d3..0000000 --- a/tracking_denials/hal_power_default.te +++ /dev/null @@ -1,6 +0,0 @@ -# b/307468758 -userdebug_or_eng(` - permissive hal_power_default; -')# b/312372857 -dontaudit hal_power_default sysfs:file { open }; -dontaudit hal_power_default sysfs:file { write }; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8bdc962..2bffc51 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -210,6 +210,7 @@ genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:obj # Camera genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0 genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 From 90798eb40e4d1b3811fe7835d910042c295daa0c Mon Sep 17 00:00:00 2001 From: Achigo Liu Date: Fri, 5 Jan 2024 20:25:57 +0800 Subject: [PATCH 189/321] Fixes adb user unauthorized on user builds Allow systemui to find adbd Bug: 318808947 Change-Id: Ifb88a64b851a64338191dd4f40b6b60a9bee5039 Signed-off-by: Achigo Liu --- system_ext/private/systemui_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te index 741d49f..f981bd4 100644 --- a/system_ext/private/systemui_app.te +++ b/system_ext/private/systemui_app.te @@ -12,6 +12,7 @@ allow systemui_app mediametrics_service:service_manager find; allow systemui_app radio_service:service_manager find; allow systemui_app vr_manager_service:service_manager find; allow systemui_app statsmanager_service:service_manager find; +allow systemui_app adb_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) set_prop(systemui_app, bootanim_system_prop) From 6285ad387d8845aec62170e079c4da40c5dd9fb9 Mon Sep 17 00:00:00 2001 From: Mahesh Kallelil Date: Sat, 6 Jan 2024 08:09:48 -0800 Subject: [PATCH 190/321] Allow dump_modem to read logbuffer and wakeup events Updating sepolicy for dump_modem to read /dev/logbuffer_cpif. This is required as part of bugreport. Test: Tested bugreport on device Bug: 318949647 Change-Id: Ica70258200432633681b8d222a56c21aac427d86 Signed-off-by: Mahesh Kallelil --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 8d003a5..8398b3e 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -124,6 +124,7 @@ /dev/logbuffer_max77779fg u:object_r:logbuffer_device:s0 /dev/logbuffer_pca9468 u:object_r:logbuffer_device:s0 /dev/logbuffer_cpm u:object_r:logbuffer_device:s0 +/dev/logbuffer_cpif u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_bd u:object_r:logbuffer_device:s0 /dev/lwis-be-core u:object_r:lwis_device:s0 From 95ab7f7ea93ddaa8dc0a5cfc33d0df5505e1fce3 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 5 Jan 2024 15:27:16 +0000 Subject: [PATCH 191/321] Allow sysUI access nfc_service Bug: 307468867 Test: make sepolicy Change-Id: Iee2c35b92024c56ff6120d1b7c751b2021e5ae6e --- system_ext/private/systemui_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te index 93ce4d0..a52aa2a 100644 --- a/system_ext/private/systemui_app.te +++ b/system_ext/private/systemui_app.te @@ -12,6 +12,7 @@ allow systemui_app mediametrics_service:service_manager find; allow systemui_app radio_service:service_manager find; allow systemui_app vr_manager_service:service_manager find; allow systemui_app statsmanager_service:service_manager find; +allow systemui_app nfc_service:service_manager find; allow systemui_app adb_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) From 337ca6831396fbfe5f0f31a98e61c0f202a213f8 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 8 Jan 2024 16:00:09 +0800 Subject: [PATCH 192/321] Label and sort wakeup nodes Bug: 318032188 Test: make sepolicy Change-Id: I8dfa35034657ff98957373818e98b5bf836e7a4b --- vendor/genfs_contexts | 76 ++++++++++++++++++++++++++----------------- 1 file changed, 46 insertions(+), 30 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8bdc962..1bf239c 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -39,50 +39,66 @@ genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:obje genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 # wake up nodes -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/10870000.uart/tty/ttySAC0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/12100000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/12100000.pcie/pci0000:00/0000:00:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/155d0000.serial/tty/ttySAC18/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.bt.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/17000000.aoc/com.google.bt/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/17000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/power/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/rtc/rtc0/alarmtimer.1.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-rtc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/cpif/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,battery/power_supply/battery/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,cpm/power_supply/gcpm_pps/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gpio_keys/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/odm/odm:btbcm/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 From 55d942e762ce669d7b3b258ed3530076371e5de6 Mon Sep 17 00:00:00 2001 From: Ramya Subramanian Date: Fri, 5 Jan 2024 23:59:00 +0000 Subject: [PATCH 193/321] thermal: remove tracking denials for hal_thermal Bug: 307468692 Test: Tested thermal service with the file removed Change-Id: Ic3f698f2be89c9ee86aa91fdcb139cfd95751c29 Signed-off-by: Ramya Subramanian --- tracking_denials/thermal_link_device.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/thermal_link_device.te diff --git a/tracking_denials/thermal_link_device.te b/tracking_denials/thermal_link_device.te deleted file mode 100644 index 1298dd6..0000000 --- a/tracking_denials/thermal_link_device.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468692 -userdebug_or_eng(` - permissive thermal_link_device; -') \ No newline at end of file From 3bbde83710c59f5c25f80c520dd3587cf2ee0a90 Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Wed, 10 Jan 2024 06:14:52 +0000 Subject: [PATCH 194/321] selinux: label wakeup for BMS I2C 0x36, 0x69 Bug: 319035561 Change-Id: Id82f3fd351190102c87ff2a8c16d56a581a6e45d Signed-off-by: Ken Yang --- vendor/genfs_contexts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 41db252..73e336a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -39,7 +39,6 @@ genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:obje genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 # wake up nodes - genfscon sysfs /devices/platform/10870000.uart/tty/ttySAC0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 @@ -48,12 +47,14 @@ genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/po genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/dc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply/main-charger/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 From b376cb8cd1fe127284c3b1febe8e824c02143166 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 10 Jan 2024 10:49:19 +0000 Subject: [PATCH 195/321] Update error on ROM 11294806 Bug: 319399862 Test: SELinuxUncheckedDenialBootTest Change-Id: I99331843251adb8f994170714e6f2c7cc28f2b2b --- tracking_denials/hal_audio_default.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/hal_audio_default.te diff --git a/tracking_denials/hal_audio_default.te b/tracking_denials/hal_audio_default.te new file mode 100644 index 0000000..a2d3250 --- /dev/null +++ b/tracking_denials/hal_audio_default.te @@ -0,0 +1,2 @@ +# b/319399862 +dontaudit hal_audio_default bluetooth_prop:file { read }; From 84b93cfb16c6fb9c73f3f99198fd683f2ab20ee7 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Wed, 10 Jan 2024 19:08:42 +0800 Subject: [PATCH 196/321] Remove system_suspend dontaudit Fix: 318032188 Test: make sepolicy Change-Id: I216fb901e5cc2ffdb3906da2d88e830e29d0e476 --- tracking_denials/system_suspend.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/system_suspend.te diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te deleted file mode 100644 index e94e767..0000000 --- a/tracking_denials/system_suspend.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/318032188 -dontaudit system_suspend_server sysfs:dir { read }; -dontaudit system_suspend_server sysfs_batteryinfo:dir { read }; -dontaudit system_suspend_server sysfs_wlc:dir { read }; From 31a27225de8d8606effab85d865c0a962af9c4d7 Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Wed, 10 Jan 2024 21:11:34 +0800 Subject: [PATCH 197/321] sepolicy: enable enforcing for hal_power_stats Bug: 307468729 Test: dumpsys android.hardware.power.stats.IPowerStats/default Change-Id: I2522e317542e441fe9cede3e314081478f8b6158 Signed-off-by: Darren Hsu --- tracking_denials/hal_power_stats_default.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/hal_power_stats_default.te diff --git a/tracking_denials/hal_power_stats_default.te b/tracking_denials/hal_power_stats_default.te deleted file mode 100644 index c9b6e73..0000000 --- a/tracking_denials/hal_power_stats_default.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468729 -userdebug_or_eng(` - permissive hal_power_stats_default; -') From 1e31efbc3a85f5b285b4168a0e07dc0e9f9eb285 Mon Sep 17 00:00:00 2001 From: Allen Xu Date: Fri, 5 Jan 2024 22:59:42 +0000 Subject: [PATCH 198/321] Update sepolicy for ConnectivityMonitor Bug: 307468771 Test: v2/pixel-health-guard/device-boot-health-check-extra Change-Id: I08caf6a8e48118151df72ad883490551af0c464c --- tracking_denials/con_monitor_app.te | 14 -------------- vendor/con_monitor_app.te | 8 ++++++++ 2 files changed, 8 insertions(+), 14 deletions(-) diff --git a/tracking_denials/con_monitor_app.te b/tracking_denials/con_monitor_app.te index cd49788..e69de29 100644 --- a/tracking_denials/con_monitor_app.te +++ b/tracking_denials/con_monitor_app.te @@ -1,14 +0,0 @@ -# b/307468771 -userdebug_or_eng(` - permissive con_monitor_app; -')# b/308381432 -dontaudit con_monitor_app activity_service:service_manager { find }; -dontaudit con_monitor_app content_capture_service:service_manager { find }; -dontaudit con_monitor_app game_service:service_manager { find }; -dontaudit con_monitor_app netstats_service:service_manager { find }; -# b/309732305 -dontaudit con_monitor_app batterystats_service:service_manager { find }; -dontaudit con_monitor_app init:unix_stream_socket { connectto }; -dontaudit con_monitor_app property_socket:sock_file { write }; -dontaudit con_monitor_app radio_prop:property_service { set }; -dontaudit con_monitor_app virtual_device_service:service_manager { find }; diff --git a/vendor/con_monitor_app.te b/vendor/con_monitor_app.te index 814c5e8..2fffbb5 100644 --- a/vendor/con_monitor_app.te +++ b/vendor/con_monitor_app.te @@ -1,3 +1,11 @@ # ConnectivityMonitor app type con_monitor_app, domain; app_domain(con_monitor_app); + +allow con_monitor_app app_api_service:service_manager find; +allow con_monitor_app batterystats_service:service_manager find; +allow con_monitor_app virtual_device_service:service_manager find; + +binder_call(con_monitor_app, servicemanager); + +set_prop(con_monitor_app, radio_prop); From c9400f0dbbc3b96279f5f042f87ef89828658069 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Fri, 12 Jan 2024 03:09:08 +0000 Subject: [PATCH 199/321] Add wakeup node Bug: 319737316 Test: make sepolicy Change-Id: I4ca5aa9a5ff7b9b58e220fba01cfcbf283cc25c5 --- vendor/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 73e336a..286d5d8 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -43,6 +43,8 @@ genfscon sysfs /devices/platform/10870000.uart/tty/ttySAC0/power/wakeup genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-source-psy-i2c-max77759tcpc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 @@ -70,6 +72,7 @@ genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.au genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/12100000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/12100000.pcie/pci0000:00/0000:00:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/13120000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/13120000.pcie/pci0001:00/0001:00:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 From 0b7ef4e53b37142511decdbd87d1f83cc7770d85 Mon Sep 17 00:00:00 2001 From: Angela Wu Date: Thu, 11 Jan 2024 02:02:05 +0000 Subject: [PATCH 200/321] Set up zumapro selinux policy for /dev/video12 access for hardware JPG encoder. (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:ea768217f5f8f2ab32a3f76b4329378c5731aa24) Bug: b/296330134 Test: https://android-build.corp.google.com/builds/abtd/run/L22000030001255046 Change-Id: I03d99401f5444e5a42e570a039c4838f1141bec9 --- vendor/debug_camera_app.te | 4 ++++ vendor/device.te | 1 + vendor/file_contexts | 3 +++ vendor/google_camera_app.te | 2 ++ vendor/hal_camera_default.te | 3 +++ 5 files changed, 13 insertions(+) create mode 100644 vendor/debug_camera_app.te create mode 100644 vendor/google_camera_app.te diff --git a/vendor/debug_camera_app.te b/vendor/debug_camera_app.te new file mode 100644 index 0000000..ddc4337 --- /dev/null +++ b/vendor/debug_camera_app.te @@ -0,0 +1,4 @@ +userdebug_or_eng(` + # Allows GCA_Eng & GCA-Next to access the hw_jpeg /dev/video12. + allow debug_camera_app hw_jpg_device:chr_file rw_file_perms; +') \ No newline at end of file diff --git a/vendor/device.te b/vendor/device.te index b5f1575..10aff49 100644 --- a/vendor/device.te +++ b/vendor/device.te @@ -1,3 +1,4 @@ type lwis_device, dev_type; type tee_persist_block_device, dev_type; type tee_userdata_block_device, dev_type; +type hw_jpg_device, dev_type, mlstrustedobject; diff --git a/vendor/file_contexts b/vendor/file_contexts index 8398b3e..6613742 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -34,6 +34,8 @@ /vendor/lib64/libOpenCL-pixel\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/libOpenCL\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/lib_aion_buffer\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/lib_jpg_encoder\.so u:object_r:same_process_hal_file:s0 +/vendor/lib64/libhwjpeg\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib64/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 @@ -156,6 +158,7 @@ /dev/qbt_ipc u:object_r:fingerprint_device:s0 /dev/qbt_fd u:object_r:fingerprint_device:s0 /dev/goodix_fp u:object_r:fingerprint_device:s0 +/dev/video12 u:object_r:hw_jpg_device:s0 # Data /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te new file mode 100644 index 0000000..aa3f9e3 --- /dev/null +++ b/vendor/google_camera_app.te @@ -0,0 +1,2 @@ +# Allows GCA to access the hw_jpeg /dev/video12. +allow google_camera_app hw_jpg_device:chr_file rw_file_perms; diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 67b0c32..0b916fd 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -1,2 +1,5 @@ # Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes wakelock_use(hal_camera_default) + +# Allows camera HAL to access the hw_jpeg /dev/video12. +allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; From 86b073086faa8e75f0b5200aa975e61465d16110 Mon Sep 17 00:00:00 2001 From: yixuanjiang Date: Wed, 17 Jan 2024 18:11:27 +0800 Subject: [PATCH 201/321] aoc: add sysfs file entry Test: Local Bug: 314719343 Change-Id: I31e08e4f86b075f52b1483c17405074928b26f70 Signed-off-by: yixuanjiang --- tracking_denials/aocd.te | 2 -- vendor/genfs_contexts | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) delete mode 100644 tracking_denials/aocd.te diff --git a/tracking_denials/aocd.te b/tracking_denials/aocd.te deleted file mode 100644 index 05b7708..0000000 --- a/tracking_denials/aocd.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/314719343 -dontaudit aocd sysfs_aoc:file { read }; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 286d5d8..f166056 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -335,6 +335,7 @@ genfscon sysfs /devices/platform/17000000.aoc/control/hotword_wakeup u:ob genfscon sysfs /devices/platform/17000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 genfscon sysfs /devices/platform/17000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/17000000.aoc/notify_timeout_aoc_status u:object_r:sysfs_aoc_notifytimeout:s0 # OTA genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 From ebdc5d769b308cc26cbe8b9f2c230939abeb2101 Mon Sep 17 00:00:00 2001 From: mikeyuewang Date: Wed, 17 Jan 2024 19:23:42 +0000 Subject: [PATCH 202/321] Remove this tracking as the denial has been fixed by b/287683516 Bug: 287683516 Change-Id: I9a9c7ac6d226fb6a859b69f0c4eca4857f65cf84 --- tracking_denials/platform_app.te | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 tracking_denials/platform_app.te diff --git a/tracking_denials/platform_app.te b/tracking_denials/platform_app.te deleted file mode 100644 index c7f81c7..0000000 --- a/tracking_denials/platform_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/309551159 -dontaudit platform_app radio_vendor_data_file:dir { search }; From e01b41b5193545560c3136e56c2dc5b8e9ebb835 Mon Sep 17 00:00:00 2001 From: chenkris Date: Mon, 15 Jan 2024 06:48:07 +0000 Subject: [PATCH 203/321] fingerprint: fix SELinux denials Fix following AVC denials: 1. SELinux : avc: denied { find } for interface=vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon sid=u:r:hal_fingerprint_default:s0 pid=2948 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:default_android_hwservice:s0 tclass=hwservice_manager permissive=0 Bug: 315737323 Test: boot with no relevant error Change-Id: I9f32e2bc771c5bfd8ebf26344342b8813f0b4930 --- {legacy/zuma/vendor => vendor}/hal_fingerprint_default.te | 0 {legacy/zuma/vendor => vendor}/hwservice_contexts | 1 + 2 files changed, 1 insertion(+) rename {legacy/zuma/vendor => vendor}/hal_fingerprint_default.te (100%) rename {legacy/zuma/vendor => vendor}/hwservice_contexts (52%) diff --git a/legacy/zuma/vendor/hal_fingerprint_default.te b/vendor/hal_fingerprint_default.te similarity index 100% rename from legacy/zuma/vendor/hal_fingerprint_default.te rename to vendor/hal_fingerprint_default.te diff --git a/legacy/zuma/vendor/hwservice_contexts b/vendor/hwservice_contexts similarity index 52% rename from legacy/zuma/vendor/hwservice_contexts rename to vendor/hwservice_contexts index dd24a5f..5aed498 100644 --- a/legacy/zuma/vendor/hwservice_contexts +++ b/vendor/hwservice_contexts @@ -1,2 +1,3 @@ # Fingerprint vendor.qti.hardware.fingerprint::IQtiExtendedFingerprint u:object_r:hal_fingerprint_ext_hwservice:s0 +vendor.goodix.hardware.biometrics.fingerprint::IGoodixFingerprintDaemon u:object_r:hal_fingerprint_ext_hwservice:s0 From 8f0acd418699c6ca571ebb1fdc3c7713de3add7d Mon Sep 17 00:00:00 2001 From: kadirpili Date: Wed, 20 Dec 2023 07:27:32 +0000 Subject: [PATCH 204/321] rfsd: add new property to sepolicy Avoid Access denied finding property "vendor.cbd.modem_bin_type" error message and give access for rfsd to access the property Bug: 307481296 Bug: 317735109 Change-Id: Icd287f863fd6d309297ce984f4ce387fb5d3ae24 --- radio/rfsd.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/rfsd.te b/radio/rfsd.te index 898e7fc..6391e48 100644 --- a/radio/rfsd.te +++ b/radio/rfsd.te @@ -29,6 +29,7 @@ allow rfsd radio_device:chr_file rw_file_perms; # Allow to set rild and modem property set_prop(rfsd, vendor_modem_prop) set_prop(rfsd, vendor_rild_prop) +get_prop(rfsd, vendor_cbd_prop) # Allow rfsd to access modem image file/dir allow rfsd modem_img_file:dir r_dir_perms; From 4f5d6c78128e9e3c507099b50ec0a3deaed2def8 Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Fri, 19 Jan 2024 08:04:32 +0000 Subject: [PATCH 205/321] Allow GrilService to access bluetooth extension HAL Bug: 320403892 Test: Manual Change-Id: I83834154563f9e77aaaf5ed786259a331497a378 --- radio/grilservice_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te index 251fe1b..3a093c8 100644 --- a/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -3,6 +3,7 @@ app_domain(grilservice_app) allow grilservice_app app_api_service:service_manager find; allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow grilservice_app hal_bluetooth_coexistence_service:service_manager find; allow grilservice_app hal_radioext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find; allow grilservice_app hal_wifi_ext_service:service_manager find; From e52dfde5280da2dba0337fd3219279ede0bf51ab Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 22 Jan 2024 17:45:51 +0000 Subject: [PATCH 206/321] Update error on ROM 11340999 Bug: 321733124 Test: SELinuxUncheckedDenialBootTest Change-Id: I1eca905eea9854be71926750b5d898c84c4794bd --- tracking_denials/system_suspend.te | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 tracking_denials/system_suspend.te diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te new file mode 100644 index 0000000..8d692c9 --- /dev/null +++ b/tracking_denials/system_suspend.te @@ -0,0 +1,2 @@ +# b/321733124 +dontaudit system_suspend_server sysfs:dir { read }; From 16453defb36963d29f4a2415517e94c5e5e7c4d9 Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Tue, 23 Jan 2024 17:40:16 +0800 Subject: [PATCH 207/321] sepolicy: allow hal_power_stats to read sysfs_display avc: denied { read } for name="available_disp_stats" dev="sysfs" ino=76162 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 321871433 Test: dumpsys android.hardware.power.stats.IPowerStats/default Change-Id: I84e3a561f60bec7f75c14359dc0a31216590a335 Signed-off-by: Darren Hsu --- vendor/genfs_contexts | 2 ++ vendor/hal_power_stats_default.te | 1 + 2 files changed, 3 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index f166056..1c9ae7f 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -268,6 +268,7 @@ genfscon sysfs /devices/platform/19471000.drmdecon/early_wakeup genfscon sysfs /devices/platform/19470000.drmdecon/counters u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19471000.drmdecon/counters u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/available_disp_stats u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 @@ -275,6 +276,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_numb genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 genfscon sysfs /module/drm/parameters/vblankoffdelay u:object_r:sysfs_display:s0 diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te index 012debc..001b5fa 100644 --- a/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -3,6 +3,7 @@ r_dir_file(hal_power_stats_default, sysfs_aoc) r_dir_file(hal_power_stats_default, sysfs_aoc_dumpstate) r_dir_file(hal_power_stats_default, sysfs_acpm_stats) r_dir_file(hal_power_stats_default, sysfs_cpu) +r_dir_file(hal_power_stats_default, sysfs_display) r_dir_file(hal_power_stats_default, sysfs_edgetpu) r_dir_file(hal_power_stats_default, sysfs_iio_devices) r_dir_file(hal_power_stats_default, sysfs_leds) From ab78d95fb89859d23fa7302d608321986309d9d4 Mon Sep 17 00:00:00 2001 From: Megha Patil Date: Thu, 18 Jan 2024 07:09:17 +0000 Subject: [PATCH 208/321] Add System Property to Specify NTN Demo Mode Enabled "telephony.ril.ntn_demo_mode" Property is added which specifies RIL about NTN Demo Mode. BUG: b/321178074 Test: Set the property in the service. Change-Id: I8baca9ceaf364b579293679cabe26c33e0a4ec1e --- radio/radio.te | 1 + radio/rild.te | 1 + system_ext/private/pixelntnservice_app.te | 1 + system_ext/private/property_contexts | 1 + system_ext/public/property.te | 1 + 5 files changed, 5 insertions(+) diff --git a/radio/radio.te b/radio/radio.te index 49b2248..721e018 100644 --- a/radio/radio.te +++ b/radio/radio.te @@ -1,5 +1,6 @@ set_prop(radio, telephony_ril_prop) set_prop(radio, telephony_modemtype_prop) +get_prop(radio, telephony_ntn_demo_mode_prop) allow radio radio_vendor_data_file:dir rw_dir_perms; allow radio radio_vendor_data_file:file create_file_perms; diff --git a/radio/rild.te b/radio/rild.te index c8a826f..d2c526d 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -8,6 +8,7 @@ get_prop(rild, system_boot_reason_prop) set_prop(rild, telephony_ril_prop) set_prop(rild, telephony_modemtype_prop) +get_prop(rild, telephony_ntn_demo_mode_prop) allow rild proc_net:file rw_file_perms; allow rild radio_vendor_data_file:dir create_dir_perms; diff --git a/system_ext/private/pixelntnservice_app.te b/system_ext/private/pixelntnservice_app.te index 194d6c3..d3d7bb7 100644 --- a/system_ext/private/pixelntnservice_app.te +++ b/system_ext/private/pixelntnservice_app.te @@ -5,3 +5,4 @@ allow pixelntnservice_app app_api_service:service_manager find; allow pixelntnservice_app radio_service:service_manager find; set_prop(pixelntnservice_app, telephony_modem_prop) get_prop(pixelntnservice_app, telephony_modemtype_prop) +set_prop(pixelntnservice_app, telephony_ntn_demo_mode_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index b88ac5a..56360e3 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -2,3 +2,4 @@ telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum ntn tn telephony.ril.modem_bin_status u:object_r:telephony_modemtype_prop:s0 exact uint telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool +telephony.ril.ntn_demo_mode u:object_r:telephony_ntn_demo_mode_prop:s0 exact bool diff --git a/system_ext/public/property.te b/system_ext/public/property.te index 8e5eb71..e492369 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -2,6 +2,7 @@ system_public_prop(telephony_ril_prop) system_restricted_prop(telephony_modem_prop) system_public_prop(telephony_modemtype_prop) +system_restricted_prop(telephony_ntn_demo_mode_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) From 76d4aef7276b7808a720164b15444c82dea15235 Mon Sep 17 00:00:00 2001 From: Chungro Lee Date: Fri, 19 Jan 2024 01:35:09 +0000 Subject: [PATCH 209/321] google_battery: support BC79 firmware update Bug: 319306735 Test: override flags via turboapp Change-Id: I7f81574e09534052f870f0bedd1cd412485211f0 Signed-off-by: Chungro Lee --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index f166056..ab04bdf 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -10,6 +10,7 @@ genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/typec genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/typec u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/maxim,max77779fwu u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 From 5ce22b53f3b1a29bc9a3283e38ba2495b76e0aa6 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 23 Jan 2024 22:22:49 +0000 Subject: [PATCH 210/321] Update error on ROM 11347994 Bug: 322035750 Test: SELinuxUncheckedDenialBootTest Change-Id: I204fd486291b663c1fa06090225dc3890027498b --- tracking_denials/vendor_init.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index a006e27..1e84764 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -3,3 +3,5 @@ dontaudit vendor_init debugfs_trace_marker:file { getattr }; dontaudit vendor_init default_prop:property_service { set }; # b/317754251 dontaudit vendor_init vendor_camera_debug_prop:property_service { set }; +# b/322035750 +dontaudit vendor_init vendor_gps_prop:property_service { set }; From b434a0ecf23e655403a4f1eb6d7b1adc27cb6049 Mon Sep 17 00:00:00 2001 From: Mark Chang Date: Tue, 23 Jan 2024 12:01:49 +0000 Subject: [PATCH 211/321] Allow systemui_app to set property. This is to fix the denied log. 01-23 15:58:26.896 1 1 W /system/bin/init: type=1107 audit(0.0:17): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=debug.touch_sensitivity_mode pid=2123 uid=10237 gid=10237 scontext=u:r:systemui_app:s0:c237,c256,c512,c768 tcontext=u:object_r:debug_prop:s0 tclass=property_service permissive=0' Bug: 309912697 Test: Setting property was successful. Change-Id: Id841d2d45de8d8d57366faf71f5ee60da74ce111 Signed-off-by: Mark Chang --- system_ext/private/systemui_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/system_ext/private/systemui_app.te b/system_ext/private/systemui_app.te index a52aa2a..32bc9cf 100644 --- a/system_ext/private/systemui_app.te +++ b/system_ext/private/systemui_app.te @@ -18,6 +18,7 @@ allow systemui_app adb_service:service_manager find; get_prop(systemui_app, keyguard_config_prop) set_prop(systemui_app, bootanim_system_prop) get_prop(systemui_app, qemu_hw_prop) +set_prop(systemui_app, debug_prop) # Allow writing and removing wmshell protolog in /data/misc/wmtrace. userdebug_or_eng(` From a94e3728111aed4003b40b1250eb5808c64df744 Mon Sep 17 00:00:00 2001 From: shihchienc Date: Thu, 4 Jan 2024 04:28:33 +0000 Subject: [PATCH 212/321] Grant BT HAL to access socket file Bug: 318594713 Test: manual Change-Id: Iba93dcd9543366e89c40bc8d0ca58dfdd69ee141 --- vendor/hal_bluetooth_btlinux.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 vendor/hal_bluetooth_btlinux.te diff --git a/vendor/hal_bluetooth_btlinux.te b/vendor/hal_bluetooth_btlinux.te new file mode 100644 index 0000000..65e037d --- /dev/null +++ b/vendor/hal_bluetooth_btlinux.te @@ -0,0 +1 @@ +allow hal_bluetooth_btlinux vendor_bt_data_file:sock_file create_file_perms; From 80e917658866a181c43dea2e0918a4f0c3b93f53 Mon Sep 17 00:00:00 2001 From: James Huang Date: Thu, 25 Jan 2024 15:58:39 +0800 Subject: [PATCH 213/321] gps: remove hal_gnss_default.te from tracking_denials. Bug: b/309551158 Test: confirm no hal_gnss_default avc denied. Change-Id: I58a1d0712abfca4686a39626de8f566a5026455c --- tracking_denials/hal_gnss_default.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 tracking_denials/hal_gnss_default.te diff --git a/tracking_denials/hal_gnss_default.te b/tracking_denials/hal_gnss_default.te deleted file mode 100644 index 76bc5e9..0000000 --- a/tracking_denials/hal_gnss_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# b/309551158 -dontaudit hal_gnss_default fwk_sensor_service:service_manager { find }; -dontaudit hal_gnss_default vendor_gps_prop:file { read }; From 2fbd1edf60ff0970ba4c28fc05441ec7bc6f6c10 Mon Sep 17 00:00:00 2001 From: kierancyphus Date: Wed, 24 Jan 2024 15:51:37 +0800 Subject: [PATCH 214/321] liboemservice_proxy: Add sepolicy This was previously only configured to run on zuma devices, but should be expanded to this device as well. Since this service should only be present on these two devices, it's fine to just copy this here instead of placing it in gs-common. Test: atest vts_treble_vintf_vendor_test:DeviceManifest/SingleAidlTest Bug: 321867236 Change-Id: I9f086df735c866ed037307574b38458434a9c486 --- radio/dmd.te | 1 + radio/file_contexts | 1 + radio/liboemservice_proxy.te | 34 ++++++++++++++++++++++++++++++++++ radio/modem_diagnostic_app.te | 5 +++++ radio/service.te | 2 ++ radio/service_contexts | 2 ++ 6 files changed, 45 insertions(+) create mode 100644 radio/liboemservice_proxy.te create mode 100644 radio/service.te create mode 100644 radio/service_contexts diff --git a/radio/dmd.te b/radio/dmd.te index 76177b5..be820be 100644 --- a/radio/dmd.te +++ b/radio/dmd.te @@ -30,3 +30,4 @@ binder_call(dmd, hwservicemanager) binder_call(dmd, modem_diagnostic_app) binder_call(dmd, modem_logging_control) binder_call(dmd, vendor_telephony_silentlogging_app) +binder_call(dmd, liboemservice_proxy_default) diff --git a/radio/file_contexts b/radio/file_contexts index 8d74be8..1fcdfdd 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -11,6 +11,7 @@ /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 +/vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/liboemservice_proxy.te b/radio/liboemservice_proxy.te new file mode 100644 index 0000000..9a4a61a --- /dev/null +++ b/radio/liboemservice_proxy.te @@ -0,0 +1,34 @@ +type liboemservice_proxy_default, domain; +type liboemservice_proxy_default_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(liboemservice_proxy_default) + +# Allow proxy to register as android service. +binder_use(liboemservice_proxy_default); +add_service(liboemservice_proxy_default, liboemservice_proxy_service); + +get_prop(liboemservice_proxy_default, hwservicemanager_prop) +binder_call(liboemservice_proxy_default, hwservicemanager) +binder_call(liboemservice_proxy_default, dmd) +allow liboemservice_proxy_default hal_vendor_oem_hwservice:hwservice_manager find; +allow liboemservice_proxy_default radio_vendor_data_file:dir create_dir_perms; +allow liboemservice_proxy_default radio_vendor_data_file:file create_file_perms; + +# Grant to access serial device for external logging tool +allow liboemservice_proxy_default serial_device:chr_file rw_file_perms; + +# Grant to access radio device +allow liboemservice_proxy_default radio_device:chr_file rw_file_perms; + +# Grant to access slog dir/file +allow liboemservice_proxy_default vendor_slog_file:dir create_dir_perms; +allow liboemservice_proxy_default vendor_slog_file:file create_file_perms; + +# Grant to access tcp socket +allow liboemservice_proxy_default node:tcp_socket node_bind; +allow liboemservice_proxy_default self:tcp_socket { create_socket_perms_no_ioctl listen accept bind }; + +# Grant to access log related properties +set_prop(liboemservice_proxy_default, vendor_diag_prop) +set_prop(liboemservice_proxy_default, vendor_slog_prop) +set_prop(liboemservice_proxy_default, vendor_modem_prop) +get_prop(liboemservice_proxy_default, vendor_persist_config_default_prop) diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index b21b792..aaf2aab 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -39,4 +39,9 @@ userdebug_or_eng(` allow modem_diagnostic_app sysfs_batteryinfo:dir search; dontaudit modem_diagnostic_app default_prop:file r_file_perms; + + # Modem Log Mask Library Permissions + allow modem_diagnostic_app liboemservice_proxy_service:service_manager find; + binder_use(modem_diagnostic_app) + binder_call(modem_diagnostic_app, liboemservice_proxy_default) ') diff --git a/radio/service.te b/radio/service.te new file mode 100644 index 0000000..349e658 --- /dev/null +++ b/radio/service.te @@ -0,0 +1,2 @@ +# Define liboemservice_proxy_service. +type liboemservice_proxy_service, hal_service_type, service_manager_type; \ No newline at end of file diff --git a/radio/service_contexts b/radio/service_contexts new file mode 100644 index 0000000..d463150 --- /dev/null +++ b/radio/service_contexts @@ -0,0 +1,2 @@ +# DMD oemservice aidl proxy. +com.google.pixel.modem.logmasklibrary.ILiboemserviceProxy/default u:object_r:liboemservice_proxy_service:s0 \ No newline at end of file From b89210063c6e87b2e35ad5822ede5c1fc209fb57 Mon Sep 17 00:00:00 2001 From: Wayne Lin Date: Sun, 28 Jan 2024 23:16:12 +0800 Subject: [PATCH 215/321] gps: refine iGNSS build system - sepolicy Bug: 318310869 Bug: 315915958 Test: build pass, GPS works and no GPS avc denied error Change-Id: I64d2e8971abb44d604082deaed6e90a13cac203d --- radio/file.te | 1 - 1 file changed, 1 deletion(-) diff --git a/radio/file.te b/radio/file.te index daceb56..798af08 100644 --- a/radio/file.te +++ b/radio/file.te @@ -1,6 +1,5 @@ # Data type rild_vendor_data_file, file_type, data_file_type; -type vendor_gps_file, file_type, data_file_type; type modem_ml_data_file, file_type, data_file_type; type modem_stat_data_file, file_type, data_file_type; type vendor_log_file, file_type, data_file_type; From 39a0baed3c91c091d25d1900ed66d74a5550d9eb Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 30 Jan 2024 07:17:49 +0000 Subject: [PATCH 216/321] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 318310869 Test: scanBugreport Bug: 322917055 Bug: 322916328 Bug: 322916246 Bug: 322917075 Test: scanAvcDeniedLogRightAfterReboot Bug: 318310869 Change-Id: I63c0cc342af0407fab6b188e982a3ea6699f3618 --- tracking_denials/bug_map | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 216a579..b38232f 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -1,6 +1,12 @@ + +dump_display sysfs file b/322917055 +dumpstate image_processing_hal binder b/322916328 +dumpstate image_processing_server binder b/322916328 +hal_gnss_default vendor_gps_prop file b/318310869 +hal_uwb_default selinuxfs file b/322916246 +incidentd incidentd anon_inode b/322917075 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 sctd vendor_persist_config_default_prop file b/309550514 spad spad unix_stream_socket b/309550905 swcnd swcnd unix_stream_socket b/309551062 - From b867cabc8741545b39594201afa7a3b7fa26c394 Mon Sep 17 00:00:00 2001 From: Ted Wang Date: Tue, 30 Jan 2024 12:26:17 +0000 Subject: [PATCH 217/321] Allow CccDkTimeSyncService to access bluetooth extension HAL Bug: 308381394 Test: build and check for avc denied Change-Id: Ic602d3caf0b0cdfb1041d339e48d4671e7150d85 --- tracking_denials/vendor_cccdktimesync_app.te | 2 -- {legacy/zuma/vendor => vendor}/cccdk_timesync_app.te | 3 ++- 2 files changed, 2 insertions(+), 3 deletions(-) delete mode 100644 tracking_denials/vendor_cccdktimesync_app.te rename {legacy/zuma/vendor => vendor}/cccdk_timesync_app.te (77%) diff --git a/tracking_denials/vendor_cccdktimesync_app.te b/tracking_denials/vendor_cccdktimesync_app.te deleted file mode 100644 index 885c6c6..0000000 --- a/tracking_denials/vendor_cccdktimesync_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381394 -dontaudit vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager { find }; diff --git a/legacy/zuma/vendor/cccdk_timesync_app.te b/vendor/cccdk_timesync_app.te similarity index 77% rename from legacy/zuma/vendor/cccdk_timesync_app.te rename to vendor/cccdk_timesync_app.te index f34c5f3..3948edc 100644 --- a/legacy/zuma/vendor/cccdk_timesync_app.te +++ b/vendor/cccdk_timesync_app.te @@ -2,6 +2,7 @@ type vendor_cccdktimesync_app, domain; app_domain(vendor_cccdktimesync_app) allow vendor_cccdktimesync_app app_api_service:service_manager find; +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; +allow vendor_cccdktimesync_app hal_bluetooth_coexistence_service:service_manager find; binder_call(vendor_cccdktimesync_app, hal_bluetooth_btlinux) -allow vendor_cccdktimesync_app hal_bluetooth_coexistence_hwservice:hwservice_manager find; From 5c7d5fe598fd64c13d36b8e14e65c8d1817b2f52 Mon Sep 17 00:00:00 2001 From: Albert Wang Date: Wed, 31 Jan 2024 15:41:11 +0800 Subject: [PATCH 218/321] usb: correct the xhci wakeup path Error log: Error opening kernel wakelock stats for: wakeup146 (...xhci-hcd-exynos.8.auto/usb1/1-1/wakeup/wakeup146): Permission denied Bug: 311087938 Test: boot to home and host mode works well Change-Id: Ic0c11ee98779cc1e2ae60b9c2242f5cfacbb2df4 --- vendor/genfs_contexts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index f0f09b2..ad85ddd 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -68,8 +68,8 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-m genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1/wakeup u:object_r:sysfs_wakeup:s0 -genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb1 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/usb2 u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.8.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/12100000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/12100000.pcie/pci0000:00/0000:00:00.0/power/wakeup u:object_r:sysfs_wakeup:s0 From 19a720dbe0b45a203ca2826c90e3b2497796bed3 Mon Sep 17 00:00:00 2001 From: Wiwit Rifa'i Date: Wed, 31 Jan 2024 16:22:07 +0800 Subject: [PATCH 219/321] Move hal_graphics_composer_default from legacy to vendor Bug: 315497129 Test: boot to home Change-Id: I7408333a5a43a49045b66d697c71bdc89af25ff0 --- {legacy/zuma/vendor => vendor}/hal_graphics_composer_default.te | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename {legacy/zuma/vendor => vendor}/hal_graphics_composer_default.te (100%) diff --git a/legacy/zuma/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te similarity index 100% rename from legacy/zuma/vendor/hal_graphics_composer_default.te rename to vendor/hal_graphics_composer_default.te From 24ad0c2d7fe9de6c83905a9621a3a205cb3f4672 Mon Sep 17 00:00:00 2001 From: Wiwit Rifa'i Date: Wed, 31 Jan 2024 06:50:31 +0800 Subject: [PATCH 220/321] Allow binder calls between composer and powerstats This will fix some avc denials: * SELinux : avc: denied { find } for pid=508 uid=1000 name=power.stats-vendor scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:object_r:hal_power_stats_vendor_service:s0 tclass=service_manager permissive=0 * binder:501_1: type=1400 audit(0.0:30): avc: denied { call } for scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:r:hal_power_stats_default:s0 tclass=binder permissive=0 * android.hardwar: type=1400 audit(0.0:10): avc: denied { call } for scontext=u:r:hal_power_stats_default:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0 Bug: 315497129 Test: check no avc denied between composer & powerstats Change-Id: I6033e088d5706a0d2a6f942f983a05e6148764a9 --- vendor/hal_graphics_composer_default.te | 4 ++++ vendor/hal_power_stats_default.te | 3 +++ 2 files changed, 7 insertions(+) diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te index 5c4aef4..4035a57 100644 --- a/vendor/hal_graphics_composer_default.te +++ b/vendor/hal_graphics_composer_default.te @@ -41,3 +41,7 @@ add_service(hal_graphics_composer_default, vendor_surfaceflinger_vndservice) allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms; allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms; allow hal_graphics_composer_default vendor_log_file:dir search; + +# allow HWC to access powerstats +allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find; +binder_call(hal_graphics_composer_default, hal_power_stats_default) diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te index 001b5fa..24cf4f7 100644 --- a/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -18,3 +18,6 @@ allow hal_power_stats_default sysfs_odpm:file rw_file_perms; # getStateResidency AIDL callback for Bluetooth HAL binder_call(hal_power_stats_default, hal_bluetooth_btlinux) + +# getStateResidency AIDL callback for Composer HAL +binder_call(hal_power_stats_default, hal_graphics_composer_default) From 25748e9d9394f4e7ada0e0199748e3b8823a350b Mon Sep 17 00:00:00 2001 From: Kuen-Han Tsai Date: Fri, 2 Feb 2024 17:35:39 +0800 Subject: [PATCH 221/321] Set SEPolicy for the disable_contaminant_detection script This patch ports Zuma project SEPolicy and corrects the platform device name. init : Command 'exec /vendor/bin/hw/disable_contaminant_detection.sh' action=vendor.usb.contaminantdisable=true (/vendor/etc/init/hw/ init.zumapro.usb.rc:288) took 5ms and failed: Could not start exec service: File /vendor/bin/hw/disable_contaminant_detection.sh(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined. Have you configured your service correctly? https://source.android.com/security/selinux/device-policy# label_new_services_and_address_denials. Note: this error shows up even in permissive mode in order to make auditing denials possible. Bug: 295127978 Test: manual test Change-Id: I4269127f0101250615aad9218a9e2684579a653b Signed-off-by: Kuen-Han Tsai --- vendor/disable-contaminant-detection-sh.te | 7 +++++++ vendor/file_contexts | 1 + vendor/genfs_contexts | 3 +++ 3 files changed, 11 insertions(+) create mode 100644 vendor/disable-contaminant-detection-sh.te diff --git a/vendor/disable-contaminant-detection-sh.te b/vendor/disable-contaminant-detection-sh.te new file mode 100644 index 0000000..95845a1 --- /dev/null +++ b/vendor/disable-contaminant-detection-sh.te @@ -0,0 +1,7 @@ +type disable-contaminant-detection-sh, domain; +type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(disable-contaminant-detection-sh) + +allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; +allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; +allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/vendor/file_contexts b/vendor/file_contexts index 6613742..3cec364 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -26,6 +26,7 @@ /vendor/bin/hw/qfp-daemon u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 +/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 # Vendor libraries /vendor/lib64/libdrm\.so u:object_r:same_process_hal_file:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index f0f09b2..3331ac0 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -2,6 +2,9 @@ genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0 +# disable contaminant detection +genfscon sysfs /devices/platform/108d0000.hsi2c u:object_r:sysfs_batteryinfo:s0 + # Battery genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-006e/chg_stats u:object_r:sysfs_pca:s0 From ed3ca1e26657fcb8bf71988e23c736ff7bc7c845 Mon Sep 17 00:00:00 2001 From: shihchienc Date: Thu, 4 Jan 2024 04:26:50 +0000 Subject: [PATCH 222/321] Grant Thread HAL service to access BT HAL folder 02-02 14:36:00.660 2378 2378 I android.hardwar: type=1400 audit(0.0:15): avc: denied { read } for name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 02-02 14:36:00.660 2378 2378 I android.hardwar: type=1400 audit(0.0:16): avc: denied { watch } for path="/data/vendor/bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 02-02 14:36:02.664 2378 2378 I android.hardwar: type=1400 audit(0.0:17): avc: denied { search } for name="bluetooth" dev="dm-53" ino=399 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=dir permissive=1 14:36:29.076 7627 7627 I android.hardwar: type=1400 audit(0.0:30): avc: denied { getattr } for path="/data/vendor/bluetooth/thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1 02-02 14:36:29.076 7627 7627 I android.hardwar: type=1400 audit(0.0:31): avc: denied { write } for name="thread_dispatcher_socket" dev="dm-53" ino=46090 scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:object_r:vendor_bt_data_file:s0 tclass=sock_file permissive=1 02-02 14:36:29.076 7627 7627 I android.hardwar: type=1400 audit(0.0:32): avc: denied { connectto } for path="/data/vendor/bluetooth/thread_dispatcher_socket" scontext=u:r:hal_threadnetwork_default:s0 tcontext=u:r:hal_bluetooth_btlinux:s0 tclass=unix_stream_socket permissive=1 Bug: 318594282 Test: reboot and open bluetooth Change-Id: Ia63ed27b732eafa2e0aa3311fc7cea9c77e7b50c --- vendor/hal_threadnetwork_default.te | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 vendor/hal_threadnetwork_default.te diff --git a/vendor/hal_threadnetwork_default.te b/vendor/hal_threadnetwork_default.te new file mode 100644 index 0000000..558847b --- /dev/null +++ b/vendor/hal_threadnetwork_default.te @@ -0,0 +1,3 @@ +allow hal_threadnetwork_default vendor_bt_data_file:dir r_dir_perms; +allow hal_threadnetwork_default vendor_bt_data_file:sock_file rw_file_perms; +allow hal_threadnetwork_default hal_bluetooth_btlinux:unix_stream_socket connectto; From bf3e95edb10afa40fe42518ec0809bd18f534f24 Mon Sep 17 00:00:00 2001 From: Wiwit Rifa'i Date: Mon, 5 Feb 2024 15:40:17 +0800 Subject: [PATCH 223/321] Allow binder call from servicemanager to composer This will fix below avc denial: type=1400 audit(0.0:4): avc: denied { call } for comm="servicemanager" scontext=u:r:servicemanager:s0 tcontext=u:r:hal_graphics_composer_default:s0 tclass=binder permissive=0 Bug: 323761837 Bug: 315497129 Test: verify this avc denial doesn't appear Change-Id: I76d7ea9e52e7140a715e375142abd904be8fa6ce --- vendor/servicemanager.te | 1 + 1 file changed, 1 insertion(+) create mode 100644 vendor/servicemanager.te diff --git a/vendor/servicemanager.te b/vendor/servicemanager.te new file mode 100644 index 0000000..c3fa4da --- /dev/null +++ b/vendor/servicemanager.te @@ -0,0 +1 @@ +binder_call(servicemanager, hal_graphics_composer_default) From 0e115d4d15a7981ba715792b8a35d5c99d3c4f39 Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Wed, 7 Feb 2024 05:19:37 +0000 Subject: [PATCH 224/321] hal_usb_impl: Grant read permission to usb overheat files Carried over from WHI PRO setting. Bug: 307583011 Test: no audit logs Change-Id: Icdcf36ee739f009a1e87ecd346b6178d096079b9 --- vendor/hal_usb_impl.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 4ab9fbc..99644e8 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -18,3 +18,6 @@ hal_client_domain(hal_usb_impl, hal_thermal); # Needed for reporting Usb Overheat suez event through statsd allow hal_usb_impl fwk_stats_service:service_manager find; + +# For reading the usb-c throttling stats +allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms; From b0aec773ff71f2917f97228fa4853e189b0f8940 Mon Sep 17 00:00:00 2001 From: Dinesh Yadav Date: Fri, 5 Jan 2024 08:06:56 +0000 Subject: [PATCH 225/321] Remove permissive mode from gxp_logging service The permission issues have been resolved with the latest release. Test: Tested that no avc violations are seen after using the private build. Bug: 307468752 Change-Id: I962650551c94a924f4d63a79f8a684c5440f58e9 --- tracking_denials/gxp_logging.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/gxp_logging.te diff --git a/tracking_denials/gxp_logging.te b/tracking_denials/gxp_logging.te deleted file mode 100644 index 1aa14ac..0000000 --- a/tracking_denials/gxp_logging.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468752 -userdebug_or_eng(` - permissive gxp_logging; -') \ No newline at end of file From 52fe3a27037903a09ce867f59408f89f52a709a9 Mon Sep 17 00:00:00 2001 From: Imo Richard Umoren Date: Wed, 7 Feb 2024 20:04:20 +0000 Subject: [PATCH 226/321] Add CHRE SELinux Permissions for Twoshay [Zuma Pro] Adds permissions for chre socket to SELinux policy. Used for the Wallaby nanoapp. Bug: b/324278826 Test: Manually tested on zuma pro devices Change-Id: Ied113002ec0650607f657cc47d183635916ae83e --- vendor/twoshay.te | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 vendor/twoshay.te diff --git a/vendor/twoshay.te b/vendor/twoshay.te new file mode 100644 index 0000000..48829f3 --- /dev/null +++ b/vendor/twoshay.te @@ -0,0 +1,10 @@ +# Allow ITouchContextService callback +binder_call(twoshay, systemui_app) + +binder_call(twoshay, hal_radioext_default) + +# b/324278826 +unix_socket_connect(twoshay, chre, chre) +# TODO(b/248615564): Remove above rule after CHRE multiclient HAL is launched. +unix_socket_connect(twoshay, chre, hal_contexthub_default) +allow twoshay self:capability2 block_suspend; \ No newline at end of file From 7d46482f86a3cd6a9b4569c485cc953b6c7fe1b8 Mon Sep 17 00:00:00 2001 From: Daniel Okazaki Date: Fri, 9 Feb 2024 00:26:48 +0000 Subject: [PATCH 227/321] moving charger nodes to user build Bug: 323415060 Test: adb bugreport Change-Id: I2f613d513b2c8a1eb5f52dbd6ba9f8381486a150 Signed-off-by: Daniel Okazaki --- vendor/genfs_contexts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 3331ac0..9b7dede 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -17,6 +17,14 @@ genfscon sysfs /devices/platform/maxim,max77779fwu genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0066/name u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0066/registers_dump u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/name u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0069/registers_dump u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0066/name u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0066/registers_dump u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/name u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10cb0000.hsi2c/i2c-11/11-0069/registers_dump u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/registers_dump u:object_r:sysfs_power_dump:s0 From 7da489c7ad44420ca5ac55b8ad0e45342eedfd97 Mon Sep 17 00:00:00 2001 From: Ken Yang Date: Mon, 19 Feb 2024 04:21:12 +0000 Subject: [PATCH 228/321] SELinux: fix SELinux denials devices/platform/108d0000.hsi2c/i2c-6/6-0066/max77779-pmic-irq.2.auto/wakeup/wakeup69 Bug: 325680852 Change-Id: I974c65bab46f3de3bdcacb42c67257d91a3ecf8a Signed-off-by: Ken Yang --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 3331ac0..2820fd0 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -52,6 +52,7 @@ genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/tcpm-s genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/power_supply/usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0066/max77779-pmic-irq.2.auto/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/wakeup/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0036/power_supply/max77779fg/wakeup u:object_r:sysfs_wakeup:s0 From 0ae4d6f09e2257de93d2e26007bf2c0aa9944f4d Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 19 Feb 2024 14:58:04 +0800 Subject: [PATCH 229/321] dontaudit on dir search for vendor_votable_debugfs Bug: 305880925 Bug: 310539058 Bug: 318033504 Test: make selinux_policy Change-Id: I5e13370fe5430f3dfbf73ccff787986fbe80f9ea --- tracking_denials/kernel.te | 2 -- vendor/kernel.te | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te index 7418850..7a36039 100644 --- a/tracking_denials/kernel.te +++ b/tracking_denials/kernel.te @@ -1,4 +1,2 @@ # b/308381222 dontaudit kernel kernel:capability { net_bind_service }; -# b/318033504 -dontaudit kernel vendor_votable_debugfs:dir { search }; diff --git a/vendor/kernel.te b/vendor/kernel.te index ac9c987..bf91ddd 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -15,3 +15,4 @@ no_debugfs_restriction(` allow kernel vendor_regmap_debugfs:dir search; dontaudit kernel vendor_usb_debugfs:dir search; +dontaudit kernel vendor_votable_debugfs:dir search; From 7b65b7fb2b07dc7afcaffa590a71207808f362fd Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Mon, 19 Feb 2024 16:35:38 +0800 Subject: [PATCH 230/321] sepolicy: allow hal_power_stats to read GPS files avc: denied { search } for name="gps" dev="dm-49" ino=381 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:vendor_gps_file:s0 tclass=dir permissive=0 Bug: 309876364 Test: dumpsys android.hardware.power.stats.IPowerStats/default Change-Id: I577443effaf8c3072e05c24025ec2c9ba63639b8 Signed-off-by: Darren Hsu --- vendor/hal_power_stats_default.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/hal_power_stats_default.te b/vendor/hal_power_stats_default.te index 24cf4f7..c2e6100 100644 --- a/vendor/hal_power_stats_default.te +++ b/vendor/hal_power_stats_default.te @@ -11,6 +11,7 @@ r_dir_file(hal_power_stats_default, sysfs_odpm) r_dir_file(hal_power_stats_default, sysfs_scsi_devices_0000) r_dir_file(hal_power_stats_default, sysfs_wifi) r_dir_file(hal_power_stats_default, powerstats_vendor_data_file) +r_dir_file(hal_power_stats_default, vendor_gps_file) # Rail selection requires read/write permissions allow hal_power_stats_default sysfs_odpm:dir search; From 3a49506b92895e99220ce0a32ed493d6738caa6c Mon Sep 17 00:00:00 2001 From: Hasan Awais Date: Tue, 20 Feb 2024 09:40:09 -0800 Subject: [PATCH 231/321] Remove hal_uwb_default selinux bug map entry The selinux filesystem is no longer being read, so this property is no longer needed. Bug: 322916246 Change-Id: I48a08c7068904b25e30c59e2fe3a2dd74a274ba8 Signed-off-by: Hasan Awais --- tracking_denials/bug_map | 1 - 1 file changed, 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index b38232f..346638e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,7 +3,6 @@ dump_display sysfs file b/322917055 dumpstate image_processing_hal binder b/322916328 dumpstate image_processing_server binder b/322916328 hal_gnss_default vendor_gps_prop file b/318310869 -hal_uwb_default selinuxfs file b/322916246 incidentd incidentd anon_inode b/322917075 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 From 8fb23328643b8cb9aa022983dcf721f24215bdbe Mon Sep 17 00:00:00 2001 From: Chi Zhang Date: Fri, 16 Feb 2024 11:48:07 -0800 Subject: [PATCH 232/321] Allow GRIL to get IRQ counts. auditd : type=1400 audit(0.0:94): avc: denied { read } for comm="TestableLooper" name="irq" dev="sysfs" ino=20470 scontext=u:r:grilservice_app:s0:c241,c256,c512,c768 tcontext=u:object_r:sysfs_irq:s0 tclass=dir permissive=0 app=com.google.android.grilservice Bug: 322548372 Test: build and boot Change-Id: Iffc7f49d28ccd1960e6f939375a8e42958eff8bb --- radio/grilservice_app.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te index 3a093c8..090cbe6 100644 --- a/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -17,3 +17,6 @@ binder_call(grilservice_app, hal_wifi_ext) binder_call(grilservice_app, hal_audiometricext_default) binder_call(grilservice_app, rild) hal_client_domain(grilservice_app, hal_power_stats) +# Read access to /sys/kernel/irq +allow grilservice_app sysfs_irq:dir r_dir_perms; +allow grilservice_app sysfs_irq:file r_file_perms; From 1045d8943c3149dd0b1f1077170dba93e1d8a4b1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= Date: Wed, 21 Feb 2024 13:48:01 +1100 Subject: [PATCH 233/321] Remove persist.bootanim.color property definitions These now belong to the platform policy. Bug: 321088135 Test: build Change-Id: I98f41827a94defc3122db88275bed51576c9f3f0 --- private/property_contexts | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 private/property_contexts diff --git a/private/property_contexts b/private/property_contexts deleted file mode 100644 index abcdd41..0000000 --- a/private/property_contexts +++ /dev/null @@ -1,5 +0,0 @@ -# Boot animation dynamic colors -persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int -persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int -persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int -persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int From 4118c09b83975fc69fce815cb463fc3879141185 Mon Sep 17 00:00:00 2001 From: Mahesh Kallelil Date: Tue, 20 Feb 2024 22:54:06 -0800 Subject: [PATCH 234/321] radio: Add PCIe dyn speed sysfs nodes to sysfs_modem Allow modem_svc to write to the cpif sysfs files for PCIe dynamic speed feature control. Test: Tested with property change on device Bug: 256247132 Change-Id: I1117ebf15ff4546cdd3a4bf0a653a46d39a8b59c Signed-off-by: Mahesh Kallelil --- radio/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/radio/genfs_contexts b/radio/genfs_contexts index 347e461..d166b2a 100644 --- a/radio/genfs_contexts +++ b/radio/genfs_contexts @@ -9,3 +9,6 @@ genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby # Modem genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cpif/dynamic_pcie_spd/tp_threshold u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cpif/dynamic_pcie_spd/tp_hysteresis u:object_r:sysfs_modem:s0 +genfscon sysfs /devices/platform/cpif/dynamic_pcie_spd/dynamic_spd_enable u:object_r:sysfs_modem:s0 From 1518455ede3fb2a975852b5bf2786950d0c7f676 Mon Sep 17 00:00:00 2001 From: Helen Date: Fri, 23 Feb 2024 08:45:53 +0000 Subject: [PATCH 235/321] Allow imssvc property access for the audio path in PDK build Bug: 319336100 Test: build and test using the PDK build in live network Change-Id: I2e2045cde6a4cc5c5ea52b205aea6cb6da18e0b9 --- vendor/vendor_init.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index a732da8..671d734 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -2,3 +2,8 @@ set_prop(vendor_init, vendor_usb_config_prop) set_prop(vendor_init, vendor_display_prop) allow vendor_init tee_data_file:lnk_file read; + +# Vendor Ims Service property - Set the audio path for PDK build +userdebug_or_eng(` + set_prop(vendor_init, vendor_imssvc_prop) +') From 110b7705a1cf2c8f6497afa7570d6e87210b0b85 Mon Sep 17 00:00:00 2001 From: Rubin Xu Date: Fri, 23 Feb 2024 12:12:26 +0000 Subject: [PATCH 236/321] Revert "Remove persist.bootanim.color property definitions" Revert submission 26301396-bootanim_prop Reason for revert: DroidMonitor-triggered revert due to breakage https://android-build.corp.google.com/quarterdeck/?branch=git_main&target=sdk_goog3_x86_64-trunk_staging-userdebug&lkgb=11487950&lkbb=11488141&fkbb=11488141 Bug: 326521604 Reverted changes: /q/submissionid:26301396-bootanim_prop Change-Id: Idfb848f2a4df8191c867aedfd4ec24f18de1b1ad --- private/property_contexts | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 private/property_contexts diff --git a/private/property_contexts b/private/property_contexts new file mode 100644 index 0000000..abcdd41 --- /dev/null +++ b/private/property_contexts @@ -0,0 +1,5 @@ +# Boot animation dynamic colors +persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int +persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int From 52478ef92bec92dcbaa74e5edb2f541999629c49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thi=C3=A9baud=20Weksteen?= Date: Sun, 25 Feb 2024 23:58:44 +0000 Subject: [PATCH 237/321] Revert^2 "Remove persist.bootanim.color property definitions" 110b7705a1cf2c8f6497afa7570d6e87210b0b85 Change-Id: I9e49db39f15479083e6187f1db17af084441ff04 --- private/property_contexts | 5 ----- 1 file changed, 5 deletions(-) delete mode 100644 private/property_contexts diff --git a/private/property_contexts b/private/property_contexts deleted file mode 100644 index abcdd41..0000000 --- a/private/property_contexts +++ /dev/null @@ -1,5 +0,0 @@ -# Boot animation dynamic colors -persist.bootanim.color1 u:object_r:bootanim_system_prop:s0 exact int -persist.bootanim.color2 u:object_r:bootanim_system_prop:s0 exact int -persist.bootanim.color3 u:object_r:bootanim_system_prop:s0 exact int -persist.bootanim.color4 u:object_r:bootanim_system_prop:s0 exact int From 348e64ecce5361e23d1d0eb6cf73ea1e0f19f893 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Mon, 26 Feb 2024 08:37:54 +0000 Subject: [PATCH 238/321] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 326869289 Bug: 326869335 Test: scanBugreport Bug: 326869823 Test: scanAvcDeniedLogRightAfterReboot Bug: 326869239 Change-Id: I8b245d769ae91c2f3f3d2dd7cfb1b8eebb83dd22 --- tracking_denials/bug_map | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 346638e..d7b9459 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,7 +3,11 @@ dump_display sysfs file b/322917055 dumpstate image_processing_hal binder b/322916328 dumpstate image_processing_server binder b/322916328 hal_gnss_default vendor_gps_prop file b/318310869 +hal_graphics_composer_default sysfs file b/326869239 +hal_graphics_composer_default sysfs file b/326869289 +hal_graphics_composer_default sysfs file b/326869823 incidentd incidentd anon_inode b/322917075 +kernel vendor_charger_debugfs dir b/326869335 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 sctd vendor_persist_config_default_prop file b/309550514 From 85aa1cb4b1f5ea4a6e771c74042a0df13b5bd34e Mon Sep 17 00:00:00 2001 From: Jack Wu Date: Mon, 26 Feb 2024 21:10:51 +0800 Subject: [PATCH 239/321] dontaudit on dir search for vendor_charger_debugfs Bug: 326869335 Test: make selinux_policy Change-Id: I22623dd1c47a431233eb6666dbe37fa2d9aa73a3 Signed-off-by: Jack Wu --- tracking_denials/bug_map | 1 - vendor/kernel.te | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index d7b9459..1e8b4bb 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -7,7 +7,6 @@ hal_graphics_composer_default sysfs file b/326869239 hal_graphics_composer_default sysfs file b/326869289 hal_graphics_composer_default sysfs file b/326869823 incidentd incidentd anon_inode b/322917075 -kernel vendor_charger_debugfs dir b/326869335 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 sctd vendor_persist_config_default_prop file b/309550514 diff --git a/vendor/kernel.te b/vendor/kernel.te index bf91ddd..32cbe0f 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -16,3 +16,4 @@ allow kernel vendor_regmap_debugfs:dir search; dontaudit kernel vendor_usb_debugfs:dir search; dontaudit kernel vendor_votable_debugfs:dir search; +dontaudit kernel vendor_charger_debugfs:dir search; From 38170d1c85ad9b280d2b74dd45a241f2f605c938 Mon Sep 17 00:00:00 2001 From: Salmax Chang Date: Tue, 27 Feb 2024 12:18:54 +0800 Subject: [PATCH 240/321] ssr_detector: remove tracking denial Bug: 307468827 Change-Id: I232d7afd5d002ef59311a16317e0e2b7a1ccbfb7 --- tracking_denials/ssr_detector_app.te | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 tracking_denials/ssr_detector_app.te diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te deleted file mode 100644 index a5a640d..0000000 --- a/tracking_denials/ssr_detector_app.te +++ /dev/null @@ -1,4 +0,0 @@ -# b/307468827 -userdebug_or_eng(` - permissive ssr_detector_app; -') \ No newline at end of file From f77068cbe0cf720d31d7bd460d5ba64f26ade083 Mon Sep 17 00:00:00 2001 From: derickhong Date: Tue, 27 Feb 2024 16:22:54 +0800 Subject: [PATCH 241/321] Update SELinux error Bug: 326869289 Test: adb shell dmesg | grep avc ; adb logcat -d | grep avc Change-Id: I57090ee64cafc5c2a9d98ec02152fdc9eb495591 --- tracking_denials/bug_map | 3 --- 1 file changed, 3 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 1e8b4bb..346638e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,9 +3,6 @@ dump_display sysfs file b/322917055 dumpstate image_processing_hal binder b/322916328 dumpstate image_processing_server binder b/322916328 hal_gnss_default vendor_gps_prop file b/318310869 -hal_graphics_composer_default sysfs file b/326869239 -hal_graphics_composer_default sysfs file b/326869289 -hal_graphics_composer_default sysfs file b/326869823 incidentd incidentd anon_inode b/322917075 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 From f88ffce8c791828130ba0e221f182d0888db7bfa Mon Sep 17 00:00:00 2001 From: Peter Lin Date: Fri, 2 Feb 2024 00:56:05 +0000 Subject: [PATCH 242/321] add dsim wakeup labels Bug: 321733124 test: ls sys/devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup -Z Change-Id: I28bc16f23478131dfecf2ad61b306ce9ae1e2767 --- tracking_denials/system_suspend.te | 2 -- vendor/genfs_contexts | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 tracking_denials/system_suspend.te diff --git a/tracking_denials/system_suspend.te b/tracking_denials/system_suspend.te deleted file mode 100644 index 8d692c9..0000000 --- a/tracking_denials/system_suspend.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/321733124 -dontaudit system_suspend_server sysfs:dir { read }; diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 3331ac0..1e3451a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -110,6 +110,8 @@ genfscon sysfs /devices/platform/odm/odm:btbcm/power/wakeup genfscon sysfs /devices/platform/odm/odm:btbcm/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 From f8aaa7afa03fee5440d9493d985574990fe9fa9a Mon Sep 17 00:00:00 2001 From: Sungtak Lee Date: Tue, 27 Feb 2024 18:14:13 +0000 Subject: [PATCH 243/321] Add AIDL media.c2 into service_contexts Bug: 321808716 Change-Id: Ieff24ebd4c5ce6201faecf819828f21cb598de67 --- vendor/service_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/service_contexts b/vendor/service_contexts index cc9df8e..ad6122e 100644 --- a/vendor/service_contexts +++ b/vendor/service_contexts @@ -2,4 +2,4 @@ vendor.qti.hardware.fingerprint.IQfpExtendedFingerprint/default u:object_r:hal com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 - +android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0 From 6914e7a49be9639902bf28d2f9f104e38dd68456 Mon Sep 17 00:00:00 2001 From: Kah Xuan Lim Date: Mon, 13 Nov 2023 12:34:35 +0800 Subject: [PATCH 244/321] Modem ML: Add sepolicy for TFLiteService Add the sepolicy required to: - Introduce modemml_tflite_service which runs on the system server. - Allow modem_ml_svc_sit to access the new service. - Allow system_server to access NNAPI TPU service. Relevant logs before the sepolicy changes are made: ``` auditd : avc: denied { find } for pid=1000 uid=1001 name=com.android.server.modemml.ITFLiteService/default scontext=u:r:modem_ml_svc_sit:s0 tcontext=u:object_r:modemml_tflite_service:s0 tclass=service_manager permissive=1 ``` ``` 11-14 03:03:44.392 1064 1064 I auditd : type=1400 audit(0.0:9): avc: denied { call } for comm="modem_ml_svc_si" scontext=u:r:modem_ml_svc_sit:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=1 ``` ``` SELinux : avc: denied { find } for pid=1115 uid=1000 name=android.hardware.neuralnetworks.IDevice/google-edgetpu scontext=u:r:system_server:s0 tcontext=u:object_r:edgetpu_nnapi_service:s0 tclass=service_manager permissive=1 ``` Bug: 307449478 Change-Id: I14c2aa02eca08a026d100af6eea11ac9ac9e4fc7 --- radio/modem_ml_svc_sit.te | 4 ++++ vendor/service.te | 1 + vendor/service_contexts | 1 + vendor/system_server.te | 2 ++ 4 files changed, 8 insertions(+) create mode 100644 vendor/system_server.te diff --git a/radio/modem_ml_svc_sit.te b/radio/modem_ml_svc_sit.te index d094fb6..609e56a 100644 --- a/radio/modem_ml_svc_sit.te +++ b/radio/modem_ml_svc_sit.te @@ -24,3 +24,7 @@ get_prop(modem_ml_svc_sit, vendor_rild_prop) # Access to NNAPI service hal_client_domain(modem_ml_svc_sit, hal_neuralnetworks) allow modem_ml_svc_sit edgetpu_nnapi_service:service_manager find; + +# Access to TFLite binder service +allow modem_ml_svc_sit modemml_tflite_service:service_manager find; +binder_call(modem_ml_svc_sit, system_server) diff --git a/vendor/service.te b/vendor/service.te index b866caa..6be01a1 100644 --- a/vendor/service.te +++ b/vendor/service.te @@ -4,3 +4,4 @@ type hal_uwb_vendor_service, service_manager_type, hal_service_type; # WLC type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; +type modemml_tflite_service, system_server_service, service_manager_type; diff --git a/vendor/service_contexts b/vendor/service_contexts index ad6122e..38a8cca 100644 --- a/vendor/service_contexts +++ b/vendor/service_contexts @@ -3,3 +3,4 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 android.hardware.media.c2.IComponentStore/default1 u:object_r:hal_codec2_service:s0 +com.android.server.modemml.ITFLiteService/default u:object_r:modemml_tflite_service:s0 diff --git a/vendor/system_server.te b/vendor/system_server.te new file mode 100644 index 0000000..52b499f --- /dev/null +++ b/vendor/system_server.te @@ -0,0 +1,2 @@ +# Allow modemml.TFLiteService in system server to access NNAPI TPU service +allow system_server edgetpu_nnapi_service:service_manager find; From 0bb5c5b305e46f9ea9ec949815f651d7d6f73ae8 Mon Sep 17 00:00:00 2001 From: John Chang Date: Wed, 6 Mar 2024 16:05:43 +0000 Subject: [PATCH 245/321] display: change vrr.enabled to xrr.version Bug: 328001545 Test: Test MRR Version 2 is properly configured Change-Id: I02291bb537fe5a09ab8a1aa755426f45465883a9 --- tracking_denials/property_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/property_contexts b/tracking_denials/property_contexts index 7532abc..7ae7c7a 100644 --- a/tracking_denials/property_contexts +++ b/tracking_denials/property_contexts @@ -16,7 +16,7 @@ persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 # Display -ro.vendor.primarydisplay.vrr.enabled u:object_r:vendor_display_prop:s0 exact bool +ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int From af6b89552877f13d7b9fca979fd14ac87ff58187 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 6 Mar 2024 11:03:41 -0800 Subject: [PATCH 246/321] Add SOC specific ETE sysfs paths Bug: 321061072 Test: run profcollectd on device Change-Id: I7eb39a5e9f586e36edd11679b0988af2ff6b986b --- vendor/genfs_contexts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 051f4d7..e9fc108 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -360,3 +360,13 @@ genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u # Extcon genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon u:object_r:sysfs_extcon:s0 +# ARM ETE +genfscon sysfs /devices/platform/ete0 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete1 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete2 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete3 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete4 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete5 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete6 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete7 u:object_r:sysfs_devices_cs_etm:s0 + From 76c40d23cf562aa47772558f468521f9de591032 Mon Sep 17 00:00:00 2001 From: Yabin Cui Date: Wed, 6 Mar 2024 11:03:41 -0800 Subject: [PATCH 247/321] Add SOC specific ETE sysfs paths Bug: 321061072 Test: run profcollectd on device Change-Id: I7eb39a5e9f586e36edd11679b0988af2ff6b986b --- vendor/genfs_contexts | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 051f4d7..e9fc108 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -360,3 +360,13 @@ genfscon sysfs /devices/platform/13200000.ufs/pixel/boot_lun_enabled u # Extcon genfscon sysfs /devices/platform/108d0000.hsi2c/i2c-6/6-0025/extcon u:object_r:sysfs_extcon:s0 +# ARM ETE +genfscon sysfs /devices/platform/ete0 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete1 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete2 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete3 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete4 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete5 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete6 u:object_r:sysfs_devices_cs_etm:s0 +genfscon sysfs /devices/platform/ete7 u:object_r:sysfs_devices_cs_etm:s0 + From ff239639f8bd408e9e2098c1a69bc254a820edb2 Mon Sep 17 00:00:00 2001 From: John Chang Date: Wed, 6 Mar 2024 16:05:43 +0000 Subject: [PATCH 248/321] display: change vrr.enabled to xrr.version Bug: 328001545 Test: Test MRR Version 2 is properly configured Change-Id: I02291bb537fe5a09ab8a1aa755426f45465883a9 --- tracking_denials/property_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tracking_denials/property_contexts b/tracking_denials/property_contexts index 7532abc..7ae7c7a 100644 --- a/tracking_denials/property_contexts +++ b/tracking_denials/property_contexts @@ -16,7 +16,7 @@ persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 # Display -ro.vendor.primarydisplay.vrr.enabled u:object_r:vendor_display_prop:s0 exact bool +ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int From f64d18749ffaf3132f16b44eb1ad47a2676fb663 Mon Sep 17 00:00:00 2001 From: timtmlin Date: Fri, 8 Mar 2024 23:30:03 +0800 Subject: [PATCH 249/321] allow GRIL native to read modem type telephony.ril.modem_bin_status is set by CBD Bug: 328148438 Test: check GRIL requests at TN modem and NTN modem Change-Id: I5a3265a89ff365fd5ae1f49a452b3abf73461c7c --- radio/hal_radioext_default.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te index 25cb7e5..9cd2f36 100644 --- a/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -4,6 +4,7 @@ init_daemon_domain(hal_radioext_default) hwbinder_use(hal_radioext_default) get_prop(hal_radioext_default, hwservicemanager_prop) +get_prop(hal_radioext_default, telephony_modemtype_prop) set_prop(hal_radioext_default, vendor_gril_prop) add_hwservice(hal_radioext_default, hal_radioext_hwservice) From 21601cc8666e2f5292c8cd344670d98ce0408cd7 Mon Sep 17 00:00:00 2001 From: John Chang Date: Fri, 8 Mar 2024 16:23:52 +0000 Subject: [PATCH 250/321] Move display properties from tracking_denials to vendor Bug: 328001545 Test: Test MRR Version 2 is properly configured Change-Id: Ib586398670b21bb88cd122647880149daa628d0d --- tracking_denials/property_contexts | 4 ---- vendor/property_contexts | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/tracking_denials/property_contexts b/tracking_denials/property_contexts index 7ae7c7a..b8d7fd3 100644 --- a/tracking_denials/property_contexts +++ b/tracking_denials/property_contexts @@ -15,8 +15,4 @@ vendor.gf. u:object_r:vendor_fingerprint_prop:s0 persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 -# Display -ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string -ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int -ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int diff --git a/vendor/property_contexts b/vendor/property_contexts index 7503d57..2d02ea3 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -26,3 +26,6 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # Display persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix +ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string +ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int +ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int From 46d23223111e9cc6679b610a3942f1f635ac62a4 Mon Sep 17 00:00:00 2001 From: John Chang Date: Fri, 8 Mar 2024 16:23:52 +0000 Subject: [PATCH 251/321] Move display properties from tracking_denials to vendor Bug: 328001545 Test: Test MRR Version 2 is properly configured Change-Id: Ib586398670b21bb88cd122647880149daa628d0d --- tracking_denials/property_contexts | 4 ---- vendor/property_contexts | 3 +++ 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/tracking_denials/property_contexts b/tracking_denials/property_contexts index 7ae7c7a..b8d7fd3 100644 --- a/tracking_denials/property_contexts +++ b/tracking_denials/property_contexts @@ -15,8 +15,4 @@ vendor.gf. u:object_r:vendor_fingerprint_prop:s0 persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 -# Display -ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string -ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int -ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int diff --git a/vendor/property_contexts b/vendor/property_contexts index 7503d57..2d02ea3 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -26,3 +26,6 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # Display persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix +ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string +ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int +ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int From 026570c6c7b3184a4a1bb0a9722b03ec9962209a Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Thu, 14 Dec 2023 03:27:24 +0000 Subject: [PATCH 252/321] Allow hwc to access te_info Bug: 315094023 Test: can access sysfs node te_info Change-Id: I9d418ab92cc68e0234e19162812cc33a8c07e40c --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e9fc108..d99c164 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -291,6 +291,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_numb genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_info u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 From 51e4f2e9eb872a5561e81ca87faf22115d0e3e2d Mon Sep 17 00:00:00 2001 From: Oleg Blinnikov Date: Tue, 19 Mar 2024 15:55:27 +0000 Subject: [PATCH 253/321] persist.sys.hdcp_checking property added Change-Id: I7ae5e18afe7ee1b7d86c63adeda748e439b7b5ea Bug: 321344894 Test: modify property, see that max_ver file is updated --- system_ext/private/property_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 56360e3..22683bd 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -3,3 +3,6 @@ telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum nt telephony.ril.modem_bin_status u:object_r:telephony_modemtype_prop:s0 exact uint telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool telephony.ril.ntn_demo_mode u:object_r:telephony_ntn_demo_mode_prop:s0 exact bool + +# HDCP setting of the display connected via USB port +persist.sys.hdcp_checking u:object_r:usb_control_prop:s0 exact string From 1f38fe473a0ab2f9d150b1b8857c5fa734b20f26 Mon Sep 17 00:00:00 2001 From: derickhong Date: Tue, 27 Feb 2024 16:22:54 +0800 Subject: [PATCH 254/321] Update SELinux error Bug: 326869289 Test: adb shell dmesg | grep avc ; adb logcat -d | grep avc Change-Id: I57090ee64cafc5c2a9d98ec02152fdc9eb495591 --- tracking_denials/bug_map | 3 --- 1 file changed, 3 deletions(-) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 1e8b4bb..346638e 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -3,9 +3,6 @@ dump_display sysfs file b/322917055 dumpstate image_processing_hal binder b/322916328 dumpstate image_processing_server binder b/322916328 hal_gnss_default vendor_gps_prop file b/318310869 -hal_graphics_composer_default sysfs file b/326869239 -hal_graphics_composer_default sysfs file b/326869289 -hal_graphics_composer_default sysfs file b/326869823 incidentd incidentd anon_inode b/322917075 sctd sctd tcp_socket b/309550514 sctd swcnd unix_stream_socket b/309550514 From bac2d41b9ca050747f7f7258b666683c55384278 Mon Sep 17 00:00:00 2001 From: Spade Lee Date: Tue, 19 Mar 2024 07:45:43 +0000 Subject: [PATCH 255/321] sepolicy: allow kernel to search vendor debugfs audit: type=1400 audit(1710259012.824:4): avc: denied { search } for pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0 audit: type=1400 audit(1710427790.680:2): avc: denied { search } for pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1 audit: type=1400 audit(1710427790.680:3): avc: denied { search } for pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1 Bug: 328016570 Bug: 329317898 Test: check all debugfs folders are correctly mounted Change-Id: Ib25cc13a329b40bebe87fab43e955e2e4395de9e Signed-off-by: Spade Lee --- tracking_denials/genfs_contexts | 9 --------- vendor/genfs_contexts | 11 +++++++++++ vendor/kernel.te | 12 +++++++----- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/tracking_denials/genfs_contexts b/tracking_denials/genfs_contexts index e76d01e..b28f508 100644 --- a/tracking_denials/genfs_contexts +++ b/tracking_denials/genfs_contexts @@ -27,16 +27,7 @@ genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 # debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 # Storage genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e9fc108..136a3aa 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -37,6 +37,17 @@ genfscon sysfs /class/power_supply/wireless/device/fw_rev # debugfs genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /maxfg_secondary u:object_r:vendor_maxfg_debugfs:s0 # GPU genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 diff --git a/vendor/kernel.te b/vendor/kernel.te index 32cbe0f..ea36a06 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -8,12 +8,14 @@ allow kernel per_boot_file:file r_file_perms; allow kernel self:capability2 perfmon; allow kernel self:perf_event cpu; -no_debugfs_restriction(` +userdebug_or_eng(` allow kernel vendor_battery_debugfs:dir search; + allow kernel vendor_regmap_debugfs:dir search; + allow kernel vendor_usb_debugfs:dir search; + allow kernel vendor_votable_debugfs:dir search; + allow kernel vendor_charger_debugfs:dir search; + allow kernel vendor_maxfg_debugfs:dir search; ') -allow kernel vendor_regmap_debugfs:dir search; -dontaudit kernel vendor_usb_debugfs:dir search; -dontaudit kernel vendor_votable_debugfs:dir search; -dontaudit kernel vendor_charger_debugfs:dir search; + From b5b20910e84be6023039c11a57da2b93e4633179 Mon Sep 17 00:00:00 2001 From: Hungyen Weng Date: Thu, 21 Mar 2024 17:34:50 +0000 Subject: [PATCH 256/321] Allow modem_svc to access modem files and perfetto Bug: 330730987 Test: Confirmed that modem_svc is able to access token db files in modem partition Test: Confiemed that modem_svc can send traces to perfetto Change-Id: Iaff263b1052cb565ffee30e442ee3c5824f35db9 --- radio/modem_svc_sit.te | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index 3b8b55e..aeb09b3 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -20,7 +20,7 @@ allow modem_svc_sit modem_stat_data_file:file create_file_perms; allow modem_svc_sit vendor_fw_file:dir search; allow modem_svc_sit vendor_fw_file:file r_file_perms; -allow modem_svc_sit mnt_vendor_file:dir search; +allow modem_svc_sit mnt_vendor_file:dir r_dir_perms; allow modem_svc_sit modem_userdata_file:dir create_dir_perms; allow modem_svc_sit modem_userdata_file:file create_file_perms; @@ -33,3 +33,12 @@ set_prop(modem_svc_sit, vendor_modem_prop) # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) + +# Write trace data to the Perfetto traced daemon. This requires connecting to +# its producer socket and obtaining a (per-process) tmpfs fd. +perfetto_producer(modem_svc_sit) + +# Allow modem_svc_sit to access modem image file/dir +allow modem_svc_sit modem_img_file:dir r_dir_perms; +allow modem_svc_sit modem_img_file:file r_file_perms; +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file From 8ff89c21d0f4ffafeac764e353d62917ca7b020a Mon Sep 17 00:00:00 2001 From: samou Date: Fri, 22 Mar 2024 10:38:08 +0000 Subject: [PATCH 257/321] sepolicy: fix odpm scale value path Extend odpm sysfs path to cover the different startup sequence. Bug: 330815850 Change-Id: Ifd346f379b71c790e175e08e74398bae0c0417df Signed-off-by: samou --- vendor/genfs_contexts | 48 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e9fc108..75110a2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -178,6 +178,54 @@ genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-mete genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_power11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device0/in_current11_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current0_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current1_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current2_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current3_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current4_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current5_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current6_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current7_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current8_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current9_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current10_scale u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@15510000/i2c-8/8-002f/s2mpg15-meter/s2mpg15-odpm/iio:device1/in_current11_scale u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@15500000/i2c-7/7-001f/s2mpg14-meter/s2mpg14-odpm/iio:device1/lpf_power u:object_r:sysfs_odpm:s0 From 79e12fe426ad88d8be407816b5b816e7de002740 Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Mon, 18 Mar 2024 10:28:58 +0000 Subject: [PATCH 258/321] sepolicy: Allow PixelGnss to connect to Chre HAL avc: denied { call } for scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0 Bug: 316227249 Test: Verify PixelGnss HAL can connect to Chre HAL. Test: Function test verification b/330120749 without disable selinux. Test: No avc error log in logcat. Change-Id: I7f6a45cd80c7ccbba2af1a0d3f3d89f30267db00 --- vendor/hal_contexthub_default.te | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 vendor/hal_contexthub_default.te diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te new file mode 100644 index 0000000..e749f01 --- /dev/null +++ b/vendor/hal_contexthub_default.te @@ -0,0 +1,6 @@ +# +# Context hub multiclient HAL common selinux policies +# +# Allow binder call to PixelGnss PPS function. +binder_call(hal_contexthub_default, hal_gnss_pixel) + From c46f6cf333624081f6536adace7495c8bb1dd2a9 Mon Sep 17 00:00:00 2001 From: WeiChungChang Date: Thu, 14 Mar 2024 21:54:05 +0000 Subject: [PATCH 259/321] display: create entity_name property HWC should designate the entity name 'Inner-Display' for the primary display in cases of dual panels. Bug: 329370514 Test: verify powerstats for dual panel devices Change-Id: I284ff460709da6a8cb48a35bf2b805ea3d09c990 --- vendor/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/property_contexts b/vendor/property_contexts index 2d02ea3..c2b15d9 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -29,3 +29,4 @@ persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 pre ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int +ro.vendor.primarydisplay.powerstats.entity_name u:object_r:vendor_display_prop:s0 exact string From ffb572cf1bbdbbb28984e7b9308c56a0bf58c754 Mon Sep 17 00:00:00 2001 From: Hidayat Khan Date: Tue, 19 Mar 2024 09:21:06 +0000 Subject: [PATCH 260/321] Define new persist vendor property vendor_ims_tiss_prop - Properties under this context are for go/tiss test mode - Properties can only be read by ShannonImsService as only getprop method is allowed Bug: 329006027 Test: flashed device and tested new prop locally Change-Id: I8a4aaf5a6b34798dbd9aed0b2bbc1a4a75924c27 --- radio/property.te | 1 + radio/property_contexts | 3 +++ radio/vendor_ims_app.te | 1 + 3 files changed, 5 insertions(+) diff --git a/radio/property.te b/radio/property.te index 4a2cc46..b4a6aa1 100644 --- a/radio/property.te +++ b/radio/property.te @@ -10,6 +10,7 @@ vendor_internal_prop(vendor_gril_prop) vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_imssvc_prop) +vendor_internal_prop(vendor_ims_tiss_prop) vendor_internal_prop(vendor_gps_prop) vendor_internal_prop(vendor_tcpdump_log_prop) diff --git a/radio/property_contexts b/radio/property_contexts index 3f2c917..549c745 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -5,6 +5,9 @@ persist.vendor.cbd. u:object_r:vendor_cbd_prop:s0 # for ims service persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0 +# for ims test mode based on go/tiss (do not modify, setprop should not be enabled) +persist.vendor.ims_tiss. u:object_r:vendor_ims_tiss_prop:s0 + # for slog vendor.sys.silentlog. u:object_r:vendor_slog_prop:s0 vendor.sys.exynos.slog. u:object_r:vendor_slog_prop:s0 diff --git a/radio/vendor_ims_app.te b/radio/vendor_ims_app.te index ed65eae..adedbeb 100644 --- a/radio/vendor_ims_app.te +++ b/radio/vendor_ims_app.te @@ -18,3 +18,4 @@ binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop) get_prop(vendor_ims_app, vendor_imssvc_prop) +get_prop(vendor_ims_app, vendor_ims_tiss_prop) From ed2820a221f5500ad94a374c2a72e510ca1a9b2a Mon Sep 17 00:00:00 2001 From: mikeyuewang Date: Tue, 19 Mar 2024 01:21:12 +0000 Subject: [PATCH 261/321] Add the selinux policy for MDS to access modem_state file avc deny: 2024-02-20 19:21:35.941 21780-21780 DiagnosticServi com.google.mds I type=1400 audit(0.0:1078): avc: denied { read } for name="modem_state" dev="sysfs" ino=60939 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds 2024-02-20 19:21:35.941 21780-21780 DiagnosticServi com.google.mds I type=1400 audit(0.0:1079): avc: denied { open } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=60939 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds 2024-02-20 19:21:35.941 21780-21780 DiagnosticServi com.google.mds I type=1400 audit(0.0:1080): avc: denied { getattr } for path="/sys/devices/platform/cpif/modem_state" dev="sysfs" ino=60939 scontext=u:r:modem_diagnostic_app:s0:c512,c768 tcontext=u:object_r:sysfs:s0 tclass=file permissive=1 app=com.google.mds Bug: 331202327 Change-Id: I49bd28e4ae3b311c7e4b98567b929d3b887e0238 --- radio/modem_diagnostic_app.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/radio/modem_diagnostic_app.te b/radio/modem_diagnostic_app.te index aaf2aab..03e3af6 100644 --- a/radio/modem_diagnostic_app.te +++ b/radio/modem_diagnostic_app.te @@ -7,6 +7,8 @@ allow modem_diagnostic_app app_api_service:service_manager find; allow modem_diagnostic_app radio_service:service_manager find; userdebug_or_eng(` + allow modem_diagnostic_app sysfs_modem_state:file r_file_perms; + hal_client_domain(modem_diagnostic_app, hal_power_stats); allow modem_diagnostic_app hal_exynos_rild_hwservice:hwservice_manager find; From 2c3dc0c668a2fcc4786bb35f45fd054530ccfa17 Mon Sep 17 00:00:00 2001 From: Chris Lu Date: Tue, 30 Jan 2024 10:12:41 +0000 Subject: [PATCH 262/321] Label te2_rate_hz and te2_option as sysfs_display Bug: 307787644 Test: Check the files label: adb shell ls -Z Change-Id: Iab036b86b6d0c28191212a3ac10be6ddb5dcbd2b --- vendor/genfs_contexts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 75110a2..b73dc26 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -348,6 +348,8 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight/p genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_te u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count_unknown u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0 # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 From 1a1679c87ea062727b5150cea2366189bb51e339 Mon Sep 17 00:00:00 2001 From: Hungyen Weng Date: Thu, 21 Mar 2024 17:34:50 +0000 Subject: [PATCH 263/321] Allow modem_svc to access modem files and perfetto Bug: 330730987 Test: Confirmed that modem_svc is able to access token db files in modem partition Test: Confiemed that modem_svc can send traces to perfetto Change-Id: Iaff263b1052cb565ffee30e442ee3c5824f35db9 (cherry picked from commit b5b20910e84be6023039c11a57da2b93e4633179) --- radio/modem_svc_sit.te | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index 3b8b55e..aeb09b3 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -20,7 +20,7 @@ allow modem_svc_sit modem_stat_data_file:file create_file_perms; allow modem_svc_sit vendor_fw_file:dir search; allow modem_svc_sit vendor_fw_file:file r_file_perms; -allow modem_svc_sit mnt_vendor_file:dir search; +allow modem_svc_sit mnt_vendor_file:dir r_dir_perms; allow modem_svc_sit modem_userdata_file:dir create_dir_perms; allow modem_svc_sit modem_userdata_file:file create_file_perms; @@ -33,3 +33,12 @@ set_prop(modem_svc_sit, vendor_modem_prop) # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) + +# Write trace data to the Perfetto traced daemon. This requires connecting to +# its producer socket and obtaining a (per-process) tmpfs fd. +perfetto_producer(modem_svc_sit) + +# Allow modem_svc_sit to access modem image file/dir +allow modem_svc_sit modem_img_file:dir r_dir_perms; +allow modem_svc_sit modem_img_file:file r_file_perms; +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file From 7299abaa81f659237182e810e2538b23ecfa8ee4 Mon Sep 17 00:00:00 2001 From: Priyanka Advani Date: Thu, 28 Mar 2024 17:20:53 +0000 Subject: [PATCH 264/321] Revert "sepolicy: Allow PixelGnss to connect to Chre HAL" Revert submission 26593083-lassen_pps Reason for revert: Culprit for test breakages in b/331680556. Will be verifying through ABTD for confirmation and before submitting the revert. Bug: b/331680556 Reverted changes: /q/submissionid:26593083-lassen_pps Change-Id: I64487bc049ac7aa53b5bff461a033f70428ab6a9 --- vendor/hal_contexthub_default.te | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 vendor/hal_contexthub_default.te diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te deleted file mode 100644 index e749f01..0000000 --- a/vendor/hal_contexthub_default.te +++ /dev/null @@ -1,6 +0,0 @@ -# -# Context hub multiclient HAL common selinux policies -# -# Allow binder call to PixelGnss PPS function. -binder_call(hal_contexthub_default, hal_gnss_pixel) - From e94313c494ccacaf0cad51db11d09234cb5c06b3 Mon Sep 17 00:00:00 2001 From: kierancyphus Date: Wed, 13 Mar 2024 15:33:36 +0800 Subject: [PATCH 265/321] shamp: Allow shamp to register AIDL hal Bug: 329367768 The `file_contexts` were modified to give the previous `modem_svc_sit` permissions to the new `shared_modem_platform` executable. Additionally, it was marked as a valid server for the `ISharedModemPlaform` AIDL HAL. Test: Build, flash and check to make sure correct logs on boot Doc: go/shared-modem-platform-cpp-backend Change-Id: I6bd6454f1c0b0c39c3ef6477cbec0e9f53b97038 --- radio/file_contexts | 2 +- radio/modem_svc_sit.te | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/radio/file_contexts b/radio/file_contexts index 1fcdfdd..4c25199 100644 --- a/radio/file_contexts +++ b/radio/file_contexts @@ -6,12 +6,12 @@ /vendor/bin/sced u:object_r:sced_exec:s0 /vendor/bin/rfsd u:object_r:rfsd_exec:s0 /vendor/bin/modem_logging_control u:object_r:modem_logging_control_exec:s0 -/vendor/bin/modem_svc_sit u:object_r:modem_svc_sit_exec:s0 /vendor/bin/modem_ml_svc_sit u:object_r:modem_ml_svc_sit_exec:s0 /vendor/bin/cbd u:object_r:cbd_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 /vendor/bin/liboemservice_proxy_default u:object_r:liboemservice_proxy_default_exec:s0 +/vendor/bin/shared_modem_platform u:object_r:modem_svc_sit_exec:s0 # Config files /vendor/etc/modem_ml_models\.conf u:object_r:modem_config_file:s0 diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index aeb09b3..fdec67f 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -34,6 +34,9 @@ set_prop(modem_svc_sit, vendor_modem_prop) allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) +# Modem SVC will register the default instance of the AIDL ISharedModemPlatform hal. +hal_server_domain(modem_svc_sit, hal_shared_modem_platform) + # Write trace data to the Perfetto traced daemon. This requires connecting to # its producer socket and obtaining a (per-process) tmpfs fd. perfetto_producer(modem_svc_sit) @@ -41,4 +44,4 @@ perfetto_producer(modem_svc_sit) # Allow modem_svc_sit to access modem image file/dir allow modem_svc_sit modem_img_file:dir r_dir_perms; allow modem_svc_sit modem_img_file:file r_file_perms; -allow modem_svc_sit modem_img_file:lnk_file r_file_perms; \ No newline at end of file +allow modem_svc_sit modem_img_file:lnk_file r_file_perms; From f080553fa0bbf5abd5742ba49a79973b487b3d64 Mon Sep 17 00:00:00 2001 From: cweichun Date: Fri, 29 Mar 2024 12:14:06 +0000 Subject: [PATCH 266/321] display: low-light blocking zone support Bug: 315876417 Test: verify the functionality works Change-Id: I8de35ac0685c9b5b07385001479906a84901b347 --- vendor/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/property_contexts b/vendor/property_contexts index c2b15d9..c5c65fc 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -27,6 +27,7 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # Display persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string +ro.vendor.primarydisplay.blocking_zone.min_refresh_rate_by_nits u:object_r:vendor_display_prop:s0 exact string ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.powerstats.entity_name u:object_r:vendor_display_prop:s0 exact string From aac2240ca4e3106531479149ccc30ce9120012ff Mon Sep 17 00:00:00 2001 From: Spade Lee Date: Tue, 19 Mar 2024 07:45:43 +0000 Subject: [PATCH 267/321] sepolicy: allow kernel to search vendor debugfs audit: type=1400 audit(1710259012.824:4): avc: denied { search } for pid=128 comm="kworker/3:1" name="max77779fg" dev="debugfs" ino=24204 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_maxfg_debugfs:s0 tclass=dir permissive=0 audit: type=1400 audit(1710427790.680:2): avc: denied { search } for pid=10 comm="kworker/u16:1" name="gvotables" dev="debugfs" ino=10582 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_votable_debugfs:s0 tclass=dir permissive=1 audit: type=1400 audit(1710427790.680:3): avc: denied { search } for pid=211 comm="kworker/u16:4" name="google_charger" dev="debugfs" ino=16673 scontext=u:r:kernel:s0 tcontext=u:object_r:vendor_charger_debugfs:s0 tclass=dir permissive=1 Bug: 328016570 Bug: 329317898 Test: check all debugfs folders are correctly mounted Change-Id: Ib25cc13a329b40bebe87fab43e955e2e4395de9e Signed-off-by: Spade Lee --- tracking_denials/genfs_contexts | 9 --------- vendor/genfs_contexts | 11 +++++++++++ vendor/kernel.te | 12 +++++++----- 3 files changed, 18 insertions(+), 14 deletions(-) diff --git a/tracking_denials/genfs_contexts b/tracking_denials/genfs_contexts index e76d01e..b28f508 100644 --- a/tracking_denials/genfs_contexts +++ b/tracking_denials/genfs_contexts @@ -27,16 +27,7 @@ genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/cur_freq u:object_r:sysfs_devfreq_cur:s0 # debugfs -genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 -genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 -genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 -genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 # Storage genfscon sysfs /devices/platform/13200000.ufs/hibern8_on_idle_enable u:object_r:sysfs_scsi_devices_0000:s0 diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index b73dc26..62d0a28 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -37,6 +37,17 @@ genfscon sysfs /class/power_supply/wireless/device/fw_rev # debugfs genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 +genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77779_pmic u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 +genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 +genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /max77779fg u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /maxfg_secondary u:object_r:vendor_maxfg_debugfs:s0 # GPU genfscon sysfs /devices/platform/1f000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 diff --git a/vendor/kernel.te b/vendor/kernel.te index 32cbe0f..ea36a06 100644 --- a/vendor/kernel.te +++ b/vendor/kernel.te @@ -8,12 +8,14 @@ allow kernel per_boot_file:file r_file_perms; allow kernel self:capability2 perfmon; allow kernel self:perf_event cpu; -no_debugfs_restriction(` +userdebug_or_eng(` allow kernel vendor_battery_debugfs:dir search; + allow kernel vendor_regmap_debugfs:dir search; + allow kernel vendor_usb_debugfs:dir search; + allow kernel vendor_votable_debugfs:dir search; + allow kernel vendor_charger_debugfs:dir search; + allow kernel vendor_maxfg_debugfs:dir search; ') -allow kernel vendor_regmap_debugfs:dir search; -dontaudit kernel vendor_usb_debugfs:dir search; -dontaudit kernel vendor_votable_debugfs:dir search; -dontaudit kernel vendor_charger_debugfs:dir search; + From cdd424134a0b1f1614925ee6c07c1e1049391d8a Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Tue, 2 Apr 2024 09:00:35 +0000 Subject: [PATCH 268/321] sepolicy: sysfs to gnssif/wakeup node avc: denied { read } for comm="binder:459_2" name="wakeup2" dev="sysfs" ino=54040 scontext=u:r:system_suspend:s0 tcontext=u:object_r:sysfs:s0 tclass=dir permissive=0 Bug: 329334328 Test: abtd under b/329334328 device-boot-health-check-extra. Test: boot and check logcat avc. Change-Id: If0e95efee521d15928648d1042f87d02fd41c637 --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index b73dc26..99dfaf2 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -121,6 +121,7 @@ genfscon sysfs /devices/platform/odm/odm:qcom,qbt-handler/wakeup genfscon sysfs /devices/platform/sound-aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19450000.drmdsim/19450000.drmdsim.0/wakeup/ u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/gnssif/wakeup u:object_r:sysfs_wakeup:s0 # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 From 0b6fd93f3e473d84307be8415bc6fd809f3a2256 Mon Sep 17 00:00:00 2001 From: cweichun Date: Fri, 29 Mar 2024 12:14:06 +0000 Subject: [PATCH 269/321] display: low-light blocking zone support Bug: 315876417 Test: verify the functionality works Change-Id: I8de35ac0685c9b5b07385001479906a84901b347 --- vendor/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/property_contexts b/vendor/property_contexts index c2b15d9..c5c65fc 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -27,6 +27,7 @@ vendor.mali. u:object_r:vendor_arm_runtime_option_ # Display persist.vendor.primarydisplay. u:object_r:vendor_display_prop:s0 prefix ro.vendor.primarydisplay.xrr.version u:object_r:vendor_display_prop:s0 exact string +ro.vendor.primarydisplay.blocking_zone.min_refresh_rate_by_nits u:object_r:vendor_display_prop:s0 exact string ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.powerstats.entity_name u:object_r:vendor_display_prop:s0 exact string From f1b959a0edaf363448a5b5e0cbce2d1d1d7eb13b Mon Sep 17 00:00:00 2001 From: Frank Yu Date: Mon, 18 Mar 2024 02:21:32 +0000 Subject: [PATCH 270/321] Update SEpolicy for grilservice_app register callbacks of AntennaTuningService. Remove callbacks from radioext native service to grilservice_app. Bug: 321790599 Test: Manual test. gripservice_app receive update from callback successfully. Because moving out the callbacks from radioext to grilservice_app, we don't need antennatuningservice bind to radioext anymore. Change-Id: I6827b506b9893e43d6d9268f623b33b848863a7c --- radio/hal_radioext_default.te | 6 ------ vendor/twoshay.te | 2 +- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/radio/hal_radioext_default.te b/radio/hal_radioext_default.te index 9cd2f36..c978ffe 100644 --- a/radio/hal_radioext_default.te +++ b/radio/hal_radioext_default.te @@ -22,9 +22,3 @@ allow hal_radioext_default radio_vendor_data_file:file create_file_perms; # Bluetooth allow hal_radioext_default hal_bluetooth_coexistence_hwservice:hwservice_manager find; allow hal_radioext_default hal_bluetooth_coexistence_service:service_manager find; - -# Twoshay -binder_use(hal_radioext_default) -allow hal_radioext_default gril_antenna_tuning_service:service_manager find; -binder_call(hal_radioext_default, gril_antenna_tuning_service) -binder_call(hal_radioext_default, twoshay) diff --git a/vendor/twoshay.te b/vendor/twoshay.te index 48829f3..83d9e1a 100644 --- a/vendor/twoshay.te +++ b/vendor/twoshay.te @@ -1,7 +1,7 @@ # Allow ITouchContextService callback binder_call(twoshay, systemui_app) -binder_call(twoshay, hal_radioext_default) +binder_call(twoshay, grilservice_app) # b/324278826 unix_socket_connect(twoshay, chre, chre) From 2761dbe28b294be5199aba6ee73013427e8d627f Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Thu, 14 Mar 2024 15:28:29 +0800 Subject: [PATCH 271/321] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. New paths (ag/26620507): RamdumpService: device/google/gs-common/ramdump_app SSRestartDetector: device/google/gs-common/ssr_detector_app Bug: 298102808 Design: go/sys-software-logging Test: Manual Change-Id: I455630b347f9f234365fec371142582d2cc0640a --- legacy/zuma/vendor/ramdump_app.te | 24 ------------------------ radio/seapp_contexts | 3 --- radio/ssr_detector.te | 24 ------------------------ tracking_denials/seapp_contexts | 3 --- 4 files changed, 54 deletions(-) delete mode 100644 legacy/zuma/vendor/ramdump_app.te delete mode 100644 radio/ssr_detector.te diff --git a/legacy/zuma/vendor/ramdump_app.te b/legacy/zuma/vendor/ramdump_app.te deleted file mode 100644 index 308e9fb..0000000 --- a/legacy/zuma/vendor/ramdump_app.te +++ /dev/null @@ -1,24 +0,0 @@ -type ramdump_app, domain; - -userdebug_or_eng(` - app_domain(ramdump_app) - - allow ramdump_app app_api_service:service_manager find; - - allow ramdump_app ramdump_vendor_data_file:file create_file_perms; - allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms; - - set_prop(ramdump_app, vendor_ramdump_prop) - get_prop(ramdump_app, system_boot_reason_prop) - - # To access ramdumpfs. - allow ramdump_app mnt_vendor_file:dir search; - allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms; - allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms; - - # To access subsystem ramdump files and dirs. - allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms; -') diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 2dea8c9..82d71dc 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -1,6 +1,3 @@ -# Sub System Ramdump -user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user - # CBRS setup app user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te deleted file mode 100644 index 2caf6d7..0000000 --- a/radio/ssr_detector.te +++ /dev/null @@ -1,24 +0,0 @@ -type ssr_detector_app, domain; - -app_domain(ssr_detector_app) -allow ssr_detector_app app_api_service:service_manager find; -allow ssr_detector_app radio_service:service_manager find; - -allow ssr_detector_app system_app_data_file:dir create_dir_perms; -allow ssr_detector_app system_app_data_file:file create_file_perms; - -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; -userdebug_or_eng(` - allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; - get_prop(ssr_detector_app, vendor_aoc_prop) - allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; - allow ssr_detector_app sysfs_sjtag:file rw_file_perms; - allow ssr_detector_app proc_vendor_sched:dir search; - allow ssr_detector_app proc_vendor_sched:file rw_file_perms; - allow ssr_detector_app cgroup:file write; -') - -get_prop(ssr_detector_app, vendor_ssrdump_prop) -get_prop(ssr_detector_app, vendor_wifi_version) diff --git a/tracking_denials/seapp_contexts b/tracking_denials/seapp_contexts index 7c87136..74fea00 100644 --- a/tracking_denials/seapp_contexts +++ b/tracking_denials/seapp_contexts @@ -1,9 +1,6 @@ # Domain for EuiccSupportPixel user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all From 468011067bb7297f59f938f62db92ad703439438 Mon Sep 17 00:00:00 2001 From: Hidayat Khan Date: Tue, 9 Apr 2024 01:24:40 +0000 Subject: [PATCH 272/321] Change get_prop to only be allowed for userdebug or eng build. Bug: 329006027 Test: flashed device and tested new prop locally Change-Id: Ifdc250cccbd43f237942dc4e11e50f3c968bf65d --- radio/vendor_ims_app.te | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/radio/vendor_ims_app.te b/radio/vendor_ims_app.te index adedbeb..b0aba05 100644 --- a/radio/vendor_ims_app.te +++ b/radio/vendor_ims_app.te @@ -18,4 +18,6 @@ binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop) get_prop(vendor_ims_app, vendor_imssvc_prop) -get_prop(vendor_ims_app, vendor_ims_tiss_prop) +userdebug_or_eng(` + get_prop(vendor_ims_app, vendor_ims_tiss_prop) +') From aa139f50d2afdf71bcc907753f7fb94eb95546fb Mon Sep 17 00:00:00 2001 From: Aswin Sankar Date: Tue, 9 Apr 2024 13:28:42 -0700 Subject: [PATCH 273/321] Add telephony_modemtype_prop to GRIL service Bug:315993263 Test: Manual test with GRIL changes to read out SystemProperty("telephony.ril.modem_bin_status"). Change-Id: I67303f1410e5dfb4472185210f41437be01d473b --- radio/grilservice_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te index 090cbe6..9e9eea4 100644 --- a/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -20,3 +20,4 @@ hal_client_domain(grilservice_app, hal_power_stats) # Read access to /sys/kernel/irq allow grilservice_app sysfs_irq:dir r_dir_perms; allow grilservice_app sysfs_irq:file r_file_perms; +get_prop(grilservice_app, telephony_modemtype_prop) From a5660dceda4c6e9fc56f5d463b47dd384c843b76 Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Thu, 11 Apr 2024 02:10:11 +0000 Subject: [PATCH 274/321] allow vendor init to access compaction_proactiveness Bug: 332916849 Test: boot Change-Id: Id640b5ae489e003e9b3bad6054f415f3742832c5 Signed-off-by: Martin Liu --- vendor/vendor_init.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 671d734..e032592 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -7,3 +7,6 @@ allow vendor_init tee_data_file:lnk_file read; userdebug_or_eng(` set_prop(vendor_init, vendor_imssvc_prop) ') + +# MM +allow vendor_init proc_compaction_proactiveness:file w_file_perms; From 1270b7766db34f5f97c84d0de6b9acf1c4e943f0 Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Thu, 11 Apr 2024 02:10:11 +0000 Subject: [PATCH 275/321] allow vendor init to access compaction_proactiveness Bug: 332916849 Test: boot Change-Id: Id640b5ae489e003e9b3bad6054f415f3742832c5 Merged-In: Id640b5ae489e003e9b3bad6054f415f3742832c5 Signed-off-by: Martin Liu --- vendor/vendor_init.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index a732da8..2c8db1d 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -2,3 +2,6 @@ set_prop(vendor_init, vendor_usb_config_prop) set_prop(vendor_init, vendor_display_prop) allow vendor_init tee_data_file:lnk_file read; + +# MM +allow vendor_init proc_compaction_proactiveness:file w_file_perms; From 8c4445390a7954773cb15d510bac39bc5253a74f Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Thu, 11 Apr 2024 08:23:27 +0000 Subject: [PATCH 276/321] allow vendor init to access percpu_pagelist_high_fraction Bug: 333838316 Test: boot Change-Id: I4b29278c4a7be10609e0aaafe99603d4762f64b6 Signed-off-by: Martin Liu --- vendor/vendor_init.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 2c8db1d..4dcc237 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -5,3 +5,4 @@ allow vendor_init tee_data_file:lnk_file read; # MM allow vendor_init proc_compaction_proactiveness:file w_file_perms; +allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; From b078a0eecaa48c0f6d1bfc11bb9109f38a24bb2c Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Fri, 12 Apr 2024 07:51:56 +0800 Subject: [PATCH 277/321] sepolicy: allow pixelstats to access maxfg_history to dump secondary battery history for dual battery projects: avc: denied { read } for name="maxfg_history" dev="tmpfs" ino=1127 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 Bug: 333952062 Change-Id: I072db3adff63c63ebbb5b1ba4dabfccfe3d6adac Signed-off-by: Jenny Ho --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 3cec364..0464808 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -79,6 +79,7 @@ /dev/sys/block/bootdevice(/.*)? u:object_r:bootdevice_sysdev:s0 /dev/socket/chre u:object_r:chre_socket:s0 /dev/battery_history u:object_r:battery_history_device:s0 +/dev/maxfg_history u:object_r:battery_history_device:s0 /dev/bbd_pwrstat u:object_r:power_stats_device:s0 /dev/edgetpu-soc u:object_r:edgetpu_device:s0 /dev/block/sda u:object_r:sda_block_device:s0 From 6d632595b693e806a5768258a6c4ef82ac00d0fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Krzysztof=20Kosi=C5=84ski?= Date: Fri, 12 Apr 2024 22:32:38 +0000 Subject: [PATCH 278/321] Remove legacy camera HAL policy. All of these accesses are still needed. Bug: 313934097 Test: presubmit Change-Id: I5222a7416d7cffed0d84b1a4c80f74edc4aadd49 --- legacy/zuma/vendor/google_camera_app.te | 7 -- legacy/zuma/vendor/hal_camera_default.te | 89 ---------------------- vendor/google_camera_app.te | 8 ++ vendor/hal_camera_default.te | 94 +++++++++++++++++++++++- 4 files changed, 100 insertions(+), 98 deletions(-) delete mode 100644 legacy/zuma/vendor/google_camera_app.te delete mode 100644 legacy/zuma/vendor/hal_camera_default.te diff --git a/legacy/zuma/vendor/google_camera_app.te b/legacy/zuma/vendor/google_camera_app.te deleted file mode 100644 index fd19c05..0000000 --- a/legacy/zuma/vendor/google_camera_app.te +++ /dev/null @@ -1,7 +0,0 @@ -# Allows GCA to acccess the GXP device & properties. -allow google_camera_app gxp_device:chr_file rw_file_perms; -get_prop(google_camera_app, vendor_gxp_prop) - -# Allows GCA to find and access the EdgeTPU. -allow google_camera_app edgetpu_app_service:service_manager find; -allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; diff --git a/legacy/zuma/vendor/hal_camera_default.te b/legacy/zuma/vendor/hal_camera_default.te deleted file mode 100644 index 6f8a338..0000000 --- a/legacy/zuma/vendor/hal_camera_default.te +++ /dev/null @@ -1,89 +0,0 @@ -allow hal_camera_default self:global_capability_class_set sys_nice; -allow hal_camera_default kernel:process setsched; - -vndbinder_use(hal_camera_default); - -allow hal_camera_default lwis_device:chr_file rw_file_perms; - -# Face authentication code that is part of the camera HAL needs to allocate -# dma_bufs and access the Trusted Execution Environment device node -allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms; -allow hal_camera_default tee_device:chr_file rw_file_perms; - -# Allow the camera hal to access the EdgeTPU service and the -# Android shared memory allocated by the EdgeTPU service for -# on-device compilation. -allow hal_camera_default edgetpu_device:chr_file rw_file_perms; -allow hal_camera_default edgetpu_vendor_service:service_manager find; -binder_call(hal_camera_default, edgetpu_vendor_server) -# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging -# library has a dependency on edgetpu_app_service, see b/275016466. -allow hal_camera_default edgetpu_app_service:service_manager find; -binder_call(hal_camera_default, edgetpu_app_server) - -# Allow access to data files used by the camera HAL -allow hal_camera_default mnt_vendor_file:dir search; -allow hal_camera_default persist_file:dir search; -allow hal_camera_default persist_camera_file:dir rw_dir_perms; -allow hal_camera_default persist_camera_file:file create_file_perms; -allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; -allow hal_camera_default vendor_camera_data_file:file create_file_perms; - -# Allow creating dump files for debugging in non-release builds -userdebug_or_eng(` - allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; - allow hal_camera_default vendor_camera_data_file:file create_file_perms; -') - -# Allow access to camera-related system properties -set_prop(hal_camera_default, vendor_camera_prop); -get_prop(hal_camera_default, vendor_camera_debug_prop); -userdebug_or_eng(` - set_prop(hal_camera_default, vendor_camera_fatp_prop); - set_prop(hal_camera_default, vendor_camera_debug_prop); -') - - -hal_client_domain(hal_camera_default, hal_graphics_allocator); -hal_client_domain(hal_camera_default, hal_graphics_composer) -hal_client_domain(hal_camera_default, hal_power); -hal_client_domain(hal_camera_default, hal_thermal); - -# Allow access to sensor service for sensor_listener -binder_call(hal_camera_default, system_server); - -# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering -allow hal_camera_default eco_service:service_manager find; -binder_call(hal_camera_default, mediacodec_samsung); - -# Allow camera HAL to connect to the stats service. -allow hal_camera_default fwk_stats_service:service_manager find; - -# For observing apex file changes -allow hal_camera_default apex_info_file:file r_file_perms; - -# Allow camera HAL to query current device clock frequencies. -allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; - -# Allow camera HAL to read backlight of display -allow hal_camera_default sysfs_leds:dir r_dir_perms; -allow hal_camera_default sysfs_leds:file r_file_perms; - -# Allow camera HAL to query preferred camera frequencies from the radio HAL -# extensions to avoid interference with cellular antennas. -allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; -binder_call(hal_camera_default, hal_radioext_default); - -# Allow access to always-on compute device node -allow hal_camera_default aoc_device:chr_file rw_file_perms; - -# Allow camera HAL to send trace packets to Perfetto -userdebug_or_eng(`perfetto_producer(hal_camera_default)') - -# Some file searches attempt to access system data and are denied. -# This is benign and can be ignored. -dontaudit hal_camera_default system_data_file:dir { search }; - -# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. -dontaudit hal_camera_default traced:unix_stream_socket { connectto }; -dontaudit hal_camera_default traced_producer_socket:sock_file { write }; diff --git a/vendor/google_camera_app.te b/vendor/google_camera_app.te index aa3f9e3..c572c26 100644 --- a/vendor/google_camera_app.te +++ b/vendor/google_camera_app.te @@ -1,2 +1,10 @@ +# Allows GCA to acccess the GXP device & properties. +allow google_camera_app gxp_device:chr_file rw_file_perms; +get_prop(google_camera_app, vendor_gxp_prop) + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + # Allows GCA to access the hw_jpeg /dev/video12. allow google_camera_app hw_jpg_device:chr_file rw_file_perms; diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 0b916fd..536a294 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -1,5 +1,95 @@ -# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes -wakelock_use(hal_camera_default) +allow hal_camera_default self:global_capability_class_set sys_nice; +allow hal_camera_default kernel:process setsched; + +vndbinder_use(hal_camera_default); + +allow hal_camera_default lwis_device:chr_file rw_file_perms; + +# Face authentication code that is part of the camera HAL needs to allocate +# dma_bufs and access the Trusted Execution Environment device node +allow hal_camera_default dmabuf_system_heap_device:chr_file r_file_perms; +allow hal_camera_default tee_device:chr_file rw_file_perms; + +# Allow the camera hal to access the EdgeTPU service and the +# Android shared memory allocated by the EdgeTPU service for +# on-device compilation. +allow hal_camera_default edgetpu_device:chr_file rw_file_perms; +allow hal_camera_default edgetpu_vendor_service:service_manager find; +binder_call(hal_camera_default, edgetpu_vendor_server) +# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging +# library has a dependency on edgetpu_app_service, see b/275016466. +allow hal_camera_default edgetpu_app_service:service_manager find; +binder_call(hal_camera_default, edgetpu_app_server) + +# Allow access to data files used by the camera HAL +allow hal_camera_default mnt_vendor_file:dir search; +allow hal_camera_default persist_file:dir search; +allow hal_camera_default persist_camera_file:dir rw_dir_perms; +allow hal_camera_default persist_camera_file:file create_file_perms; +allow hal_camera_default vendor_camera_data_file:dir rw_dir_perms; +allow hal_camera_default vendor_camera_data_file:file create_file_perms; + +# Allow creating dump files for debugging in non-release builds +userdebug_or_eng(` + allow hal_camera_default vendor_camera_data_file:dir create_dir_perms; + allow hal_camera_default vendor_camera_data_file:file create_file_perms; +') + +# Allow access to camera-related system properties +set_prop(hal_camera_default, vendor_camera_prop); +get_prop(hal_camera_default, vendor_camera_debug_prop); +userdebug_or_eng(` + set_prop(hal_camera_default, vendor_camera_fatp_prop); + set_prop(hal_camera_default, vendor_camera_debug_prop); +') + + +hal_client_domain(hal_camera_default, hal_graphics_allocator); +hal_client_domain(hal_camera_default, hal_graphics_composer) +hal_client_domain(hal_camera_default, hal_power); +hal_client_domain(hal_camera_default, hal_thermal); + +# Allow access to sensor service for sensor_listener +binder_call(hal_camera_default, system_server); + +# Allow Binder calls to ECO service, needed by Entropy-Aware Filtering +allow hal_camera_default eco_service:service_manager find; +binder_call(hal_camera_default, mediacodec_samsung); + +# Allow camera HAL to connect to the stats service. +allow hal_camera_default fwk_stats_service:service_manager find; + +# For observing apex file changes +allow hal_camera_default apex_info_file:file r_file_perms; + +# Allow camera HAL to query current device clock frequencies. +allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; + +# Allow camera HAL to read backlight of display +allow hal_camera_default sysfs_leds:dir r_dir_perms; +allow hal_camera_default sysfs_leds:file r_file_perms; + +# Allow camera HAL to query preferred camera frequencies from the radio HAL +# extensions to avoid interference with cellular antennas. +allow hal_camera_default hal_radioext_hwservice:hwservice_manager find; +binder_call(hal_camera_default, hal_radioext_default); # Allows camera HAL to access the hw_jpeg /dev/video12. allow hal_camera_default hw_jpg_device:chr_file rw_file_perms; + +# Allow access to always-on compute device node +allow hal_camera_default aoc_device:chr_file rw_file_perms; + +# Allow camera HAL to send trace packets to Perfetto +userdebug_or_eng(`perfetto_producer(hal_camera_default)') + +# Some file searches attempt to access system data and are denied. +# This is benign and can be ignored. +dontaudit hal_camera_default system_data_file:dir { search }; + +# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. +dontaudit hal_camera_default traced:unix_stream_socket { connectto }; +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; + +# Allow the Camera HAL to acquire wakelocks for buffer pre-allocation purposes +wakelock_use(hal_camera_default) From 4d50d35fcdb18598d39e64df374ef632c5be3dd9 Mon Sep 17 00:00:00 2001 From: Kevin DuBois Date: Fri, 12 Apr 2024 19:40:56 -0700 Subject: [PATCH 279/321] Add `capacity_headroom` to gpu sysfs This allows userspace (notably the power HAL) to apply a boost to GPU frequency independent of previously measured load. Bug: 290625326 Test: boot, run modified Power HAL Change-Id: I87b2e3d3dbb0a6c3eb68970fc3f3380b61586a46 --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index ecb600b..17857f1 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -57,6 +57,7 @@ genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:obje genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/capacity_headroom u:object_r:sysfs_gpu:s0 # Haptics genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0043 u:object_r:sysfs_vibrator:s0 From 2ac5589553aeafaadc41a95e532c8c5a6f736861 Mon Sep 17 00:00:00 2001 From: Kyle Tso Date: Mon, 15 Apr 2024 17:12:30 +0800 Subject: [PATCH 280/321] file_contexts: Add logbuffer_pogo_transport Bug: 328314131 Change-Id: Ie846cc75366375d5bd4889b2cf8061baf2aa82a5 Signed-off-by: Kyle Tso --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 0464808..1bfd455 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -69,6 +69,7 @@ /dev/logbuffer_maxfg_secondary_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_tcpm u:object_r:logbuffer_device:s0 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_pogo_transport u:object_r:logbuffer_device:s0 /dev/ttySAC0 u:object_r:tty_device:s0 /dev/bigwave u:object_r:video_device:s0 /dev/watchdog0 u:object_r:watchdog_device:s0 From 6122e05a50b2b569f3326c43e5a1fffe30811bb0 Mon Sep 17 00:00:00 2001 From: Rick Yiu Date: Mon, 15 Apr 2024 14:26:29 +0000 Subject: [PATCH 281/321] Allow vendor_init to move tasks To move tasks to cpuset system group. Bug: 328210236 Test: build pass Change-Id: I9336ec8922cbfed496ef37df73e3ecdf83a98584 --- vendor/vendor_init.te | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 4dcc237..e59752c 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -6,3 +6,9 @@ allow vendor_init tee_data_file:lnk_file read; # MM allow vendor_init proc_compaction_proactiveness:file w_file_perms; allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; + +# CPUSET system group +allow vendor_init init:process { getsched setsched }; +allow vendor_init kernel:process { getsched setsched }; +allow vendor_init ueventd:process { getsched setsched }; +allow vendor_init prng_seeder:process { getsched setsched }; From 9fe206c50ff65decf5a86f4494760395d3f807ca Mon Sep 17 00:00:00 2001 From: Weizhung Ding Date: Wed, 17 Apr 2024 08:27:18 +0000 Subject: [PATCH 282/321] display: low-light blocking zone for secondary display Bug: 320804821 Test: dumpsys SurfaceFlinger| grep "blocking zone" Change-Id: Iba1e005ddaf28a7a8d1d10677b5e501aaefa6c68 --- vendor/property_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/property_contexts b/vendor/property_contexts index c5c65fc..c3402ac 100644 --- a/vendor/property_contexts +++ b/vendor/property_contexts @@ -31,3 +31,4 @@ ro.vendor.primarydisplay.blocking_zone.min_refresh_rate_by_nits u:object_r:vendo ro.vendor.primarydisplay.vrr.expected_present.headsup_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.vrr.expected_present.timeout_ns u:object_r:vendor_display_prop:s0 exact int ro.vendor.primarydisplay.powerstats.entity_name u:object_r:vendor_display_prop:s0 exact string +ro.vendor.secondarydisplay.blocking_zone.min_refresh_rate_by_nits u:object_r:vendor_display_prop:s0 exact string From c989d47ad9ae131c97f0ab6686b4e4cde4a448f4 Mon Sep 17 00:00:00 2001 From: Achigo Liu Date: Wed, 17 Apr 2024 09:35:40 +0000 Subject: [PATCH 283/321] Revert "Allow vendor_init to move tasks" Revert submission 26931570-cpuset_system_group Reason for revert: b/335346990 suspend/resume ramdump or black screen Reverted changes: /q/submissionid:26931570-cpuset_system_group Change-Id: Ib505a519b519bf8c907ca9f5973d01a2f00bd841 --- vendor/vendor_init.te | 6 ------ 1 file changed, 6 deletions(-) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index e59752c..4dcc237 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -6,9 +6,3 @@ allow vendor_init tee_data_file:lnk_file read; # MM allow vendor_init proc_compaction_proactiveness:file w_file_perms; allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; - -# CPUSET system group -allow vendor_init init:process { getsched setsched }; -allow vendor_init kernel:process { getsched setsched }; -allow vendor_init ueventd:process { getsched setsched }; -allow vendor_init prng_seeder:process { getsched setsched }; From 94c0de48467ff810f979e48a9a7b4606200385a6 Mon Sep 17 00:00:00 2001 From: Achigo Liu Date: Wed, 17 Apr 2024 09:35:40 +0000 Subject: [PATCH 284/321] Revert "Allow vendor_init to move tasks" Revert submission 26931570-cpuset_system_group Reason for revert: b/335346990 suspend/resume ramdump or black screen Reverted changes: /q/submissionid:26931570-cpuset_system_group (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:c989d47ad9ae131c97f0ab6686b4e4cde4a448f4) Merged-In: Ib505a519b519bf8c907ca9f5973d01a2f00bd841 Change-Id: Ib505a519b519bf8c907ca9f5973d01a2f00bd841 --- vendor/vendor_init.te | 6 ------ 1 file changed, 6 deletions(-) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 1c0fd1e..87d4557 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -11,9 +11,3 @@ userdebug_or_eng(` # MM allow vendor_init proc_compaction_proactiveness:file w_file_perms; allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; - -# CPUSET system group -allow vendor_init init:process { getsched setsched }; -allow vendor_init kernel:process { getsched setsched }; -allow vendor_init ueventd:process { getsched setsched }; -allow vendor_init prng_seeder:process { getsched setsched }; From 9127824dd64d753339f1336b28bc515fd86dd011 Mon Sep 17 00:00:00 2001 From: Martin Liu Date: Thu, 18 Apr 2024 01:57:01 +0000 Subject: [PATCH 285/321] move common MM policy to gs common folder Bug: 332916849 Bug: 309409009 Test: boot Change-Id: I66e6a70e798937c7a651f9400558c431237b3a9e Signed-off-by: Martin Liu --- vendor/vendor_init.te | 3 --- 1 file changed, 3 deletions(-) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 87d4557..7a8ec91 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -8,6 +8,3 @@ userdebug_or_eng(` set_prop(vendor_init, vendor_imssvc_prop) ') -# MM -allow vendor_init proc_compaction_proactiveness:file w_file_perms; -allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; From e4ceb50a9cc17d702f6b7f56e7a0d1769ad1f0fc Mon Sep 17 00:00:00 2001 From: Enzo Liao Date: Thu, 14 Mar 2024 15:28:29 +0800 Subject: [PATCH 286/321] Move SELinux policies of RamdumpService and SSRestartDetector to /gs-common. New paths (ag/26620507): RamdumpService: device/google/gs-common/ramdump_app SSRestartDetector: device/google/gs-common/ssr_detector_app Bug: 298102808 Design: go/sys-software-logging Test: Manual (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2761dbe28b294be5199aba6ee73013427e8d627f) Merged-In: I455630b347f9f234365fec371142582d2cc0640a Change-Id: I455630b347f9f234365fec371142582d2cc0640a --- legacy/zuma/vendor/ramdump_app.te | 24 ------------------------ radio/seapp_contexts | 3 --- radio/ssr_detector.te | 24 ------------------------ tracking_denials/seapp_contexts | 3 --- 4 files changed, 54 deletions(-) delete mode 100644 legacy/zuma/vendor/ramdump_app.te delete mode 100644 radio/ssr_detector.te diff --git a/legacy/zuma/vendor/ramdump_app.te b/legacy/zuma/vendor/ramdump_app.te deleted file mode 100644 index 308e9fb..0000000 --- a/legacy/zuma/vendor/ramdump_app.te +++ /dev/null @@ -1,24 +0,0 @@ -type ramdump_app, domain; - -userdebug_or_eng(` - app_domain(ramdump_app) - - allow ramdump_app app_api_service:service_manager find; - - allow ramdump_app ramdump_vendor_data_file:file create_file_perms; - allow ramdump_app ramdump_vendor_data_file:dir create_dir_perms; - - set_prop(ramdump_app, vendor_ramdump_prop) - get_prop(ramdump_app, system_boot_reason_prop) - - # To access ramdumpfs. - allow ramdump_app mnt_vendor_file:dir search; - allow ramdump_app ramdump_vendor_mnt_file:dir create_dir_perms; - allow ramdump_app ramdump_vendor_mnt_file:file create_file_perms; - - # To access subsystem ramdump files and dirs. - allow ramdump_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ramdump_app sscoredump_vendor_data_coredump_file:file r_file_perms; -') diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 2dea8c9..82d71dc 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -1,6 +1,3 @@ -# Sub System Ramdump -user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detector_app type=system_app_data_file levelFrom=user - # CBRS setup app user=_app seinfo=platform name=com.google.googlecbrs domain=cbrs_setup_app type=app_data_file levelFrom=user diff --git a/radio/ssr_detector.te b/radio/ssr_detector.te deleted file mode 100644 index 2caf6d7..0000000 --- a/radio/ssr_detector.te +++ /dev/null @@ -1,24 +0,0 @@ -type ssr_detector_app, domain; - -app_domain(ssr_detector_app) -allow ssr_detector_app app_api_service:service_manager find; -allow ssr_detector_app radio_service:service_manager find; - -allow ssr_detector_app system_app_data_file:dir create_dir_perms; -allow ssr_detector_app system_app_data_file:file create_file_perms; - -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; -allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; -userdebug_or_eng(` - allow ssr_detector_app sscoredump_vendor_data_coredump_file:dir r_dir_perms; - allow ssr_detector_app sscoredump_vendor_data_coredump_file:file r_file_perms; - get_prop(ssr_detector_app, vendor_aoc_prop) - allow ssr_detector_app sysfs_sjtag:dir r_dir_perms; - allow ssr_detector_app sysfs_sjtag:file rw_file_perms; - allow ssr_detector_app proc_vendor_sched:dir search; - allow ssr_detector_app proc_vendor_sched:file rw_file_perms; - allow ssr_detector_app cgroup:file write; -') - -get_prop(ssr_detector_app, vendor_ssrdump_prop) -get_prop(ssr_detector_app, vendor_wifi_version) diff --git a/tracking_denials/seapp_contexts b/tracking_denials/seapp_contexts index 7c87136..74fea00 100644 --- a/tracking_denials/seapp_contexts +++ b/tracking_denials/seapp_contexts @@ -1,9 +1,6 @@ # Domain for EuiccSupportPixel user=_app isPrivApp=true seinfo=EuiccSupportPixel name=com.google.euiccpixel domain=euiccpixel_app type=app_data_file levelFrom=all -# coredump/ramdump -user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all - # Domain for connectivity monitor user=_app isPrivApp=true seinfo=platform name=com.google.android.connectivitymonitor domain=con_monitor_app type=app_data_file levelFrom=all From dd71a9cf2794afecd2699bf1b245a98b5bfae376 Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Thu, 7 Mar 2024 10:00:09 +0100 Subject: [PATCH 287/321] Add permission for storageproxy to create symlinks for ss Bug: 324989972 Test: Manually test that symlinks are created with no avc denials Change-Id: I3f0559ee062c1b5393a2a35f957fbc8528bb58de Signed-off-by: Donnie Pollitz --- vendor/tee.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/tee.te b/vendor/tee.te index ba5ee08..0a6139b 100644 --- a/vendor/tee.te +++ b/vendor/tee.te @@ -1,2 +1,3 @@ allow tee tee_persist_block_device:blk_file rw_file_perms; allow tee tee_userdata_block_device:blk_file rw_file_perms; +allow tee tee_data_file:lnk_file create; From e1132a4be2ad435cfdce57612235d64558bd8b97 Mon Sep 17 00:00:00 2001 From: Jenny Ho Date: Tue, 23 Apr 2024 15:44:18 +0800 Subject: [PATCH 288/321] sepolicy: add permission to dump max77779 fwupdate logbuffer W dump_power: type=1400 audit(0.0:9): avc: denied { read } for name="logbuffer_max77779_fwupdate" dev="tmpfs" ino=1570 scontext=u:r:dump_power:s0 tcontext=u:object_r:device:s0 tclass=chr_file permissive=0 Bug: 334198978 Change-Id: I1505abe88a18269ce50dbcec48d91622874f9a26 Signed-off-by: Jenny Ho --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 0464808..57118c8 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -131,6 +131,7 @@ /dev/logbuffer_cpif u:object_r:logbuffer_device:s0 /dev/logbuffer_max77779fg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/logbuffer_max77779_fwupdate u:object_r:logbuffer_device:s0 /dev/lwis-be-core u:object_r:lwis_device:s0 /dev/lwis-dpm u:object_r:lwis_device:s0 /dev/lwis-gdc0 u:object_r:lwis_device:s0 From e7837b9987392c719deb63ba7ed82bfaa62d3652 Mon Sep 17 00:00:00 2001 From: Donnie Pollitz Date: Thu, 7 Mar 2024 10:00:09 +0100 Subject: [PATCH 289/321] Add permission for storageproxy to create symlinks for ss Bug: 324989972 Test: Manually test that symlinks are created with no avc denials Signed-off-by: Donnie Pollitz (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:dd71a9cf2794afecd2699bf1b245a98b5bfae376) Merged-In: I3f0559ee062c1b5393a2a35f957fbc8528bb58de Change-Id: I3f0559ee062c1b5393a2a35f957fbc8528bb58de --- vendor/tee.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/tee.te b/vendor/tee.te index ba5ee08..0a6139b 100644 --- a/vendor/tee.te +++ b/vendor/tee.te @@ -1,2 +1,3 @@ allow tee tee_persist_block_device:blk_file rw_file_perms; allow tee tee_userdata_block_device:blk_file rw_file_perms; +allow tee tee_data_file:lnk_file create; From b5629419fe159ba113290fc634866babb0496dfd Mon Sep 17 00:00:00 2001 From: Kevin Ying Date: Mon, 22 Apr 2024 21:33:05 +0000 Subject: [PATCH 290/321] Add sepolicy for power_state sysfs node Bug: 329703995 Test: manual - use camera with DisplayMonitor update Change-Id: Ifd738a1726ba1c2ff0931eac653737f9be7daa87 Signed-off-by: Kevin Ying --- vendor/genfs_contexts | 1 + vendor/hal_camera_default.te | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 89c6637..f853d6b 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -345,6 +345,7 @@ genfscon sysfs /devices/platform/19471000.drmdecon/counters genfscon sysfs /devices/platform/19472000.drmdecon/counters u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/available_disp_stats u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/power_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 diff --git a/vendor/hal_camera_default.te b/vendor/hal_camera_default.te index 536a294..4072cd3 100644 --- a/vendor/hal_camera_default.te +++ b/vendor/hal_camera_default.te @@ -65,9 +65,10 @@ allow hal_camera_default apex_info_file:file r_file_perms; # Allow camera HAL to query current device clock frequencies. allow hal_camera_default sysfs_devfreq_cur:file r_file_perms; -# Allow camera HAL to read backlight of display +# Allow camera HAL to read display info, including backlight allow hal_camera_default sysfs_leds:dir r_dir_perms; allow hal_camera_default sysfs_leds:file r_file_perms; +allow hal_camera_default sysfs_display:file r_file_perms; # Allow camera HAL to query preferred camera frequencies from the radio HAL # extensions to avoid interference with cellular antennas. From f1834f0d8cf6c9ef324627f9502d2bf26a3e099a Mon Sep 17 00:00:00 2001 From: "Peter (YM)" Date: Thu, 25 Apr 2024 05:41:35 +0000 Subject: [PATCH 291/321] zumapro: sepolicy: Update gpu available_frequencies sepolicies. Apply similar group coverage to sysfs_devices_system_cpu, allow service to read available frequences and avoid invalid behaiovr Bug: 336698561 Test: ls -lZ /sys/devices/platform/1f000000.mali Change-Id: I5a4f0766b4778fd8895e41d52f6d6b92f9d90de5 Signed-off-by: Peter (YM) --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 89c6637..6cce28e 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -56,6 +56,7 @@ genfscon sysfs /devices/platform/1f000000.mali/dma_buf_gpu_mem u:obje genfscon sysfs /devices/platform/1f000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/kprcs u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/1f000000.mali/available_frequencies u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/1f000000.mali/cur_freq u:object_r:sysfs_gpu:s0 # Haptics From c4d15941317c9ae246e32ba8ab8f230e720ba9b1 Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Mon, 1 Apr 2024 08:14:30 +0000 Subject: [PATCH 292/321] sepolicy: Allow PixelGnss to connect to Chre HAL avc: denied { call } for scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0 Bug: 330120749 Test: Verify PixelGnss HAL can connect to Chre HAL. Test: Function test verification b/330120749. Test: b/330120749#comment24 health boot check. Test: b/330120749#comment25 health boot check. Change-Id: I051cc19407ba168fadea4d51ed4aa1527e414bb7 --- vendor/hal_contexthub_default.te | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 vendor/hal_contexthub_default.te diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te new file mode 100644 index 0000000..6e9041a --- /dev/null +++ b/vendor/hal_contexthub_default.te @@ -0,0 +1,3 @@ + +# Allow binder call to PixelGnss PPS function. +binder_call(hal_contexthub_default, hal_gnss_pixel) From af3f9d9d623b2146839d3070aa15a9b978010571 Mon Sep 17 00:00:00 2001 From: YiKai Peng Date: Fri, 26 Apr 2024 07:24:17 +0000 Subject: [PATCH 293/321] selinux: label wakeup for BMS I2C 0x5B, 0x61 Bug: 335557235 Test: v2/pixel-health-guard/device-boot-health-check-extra Change-Id: If41db4725810a851f4a6a1a05566c2547f142da9 Signed-off-by: YiKai Peng --- vendor/genfs_contexts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 203e634..54cedd5 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -86,6 +86,14 @@ genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power/wakeup genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-003b/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power_supply/wireless/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0061/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/power_supply/rt9471/power/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/power_supply/rt9471/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-005b/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/power/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-0057/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10ca0000.hsi2c/i2c-10/10-006e/power_supply/dc-mains/wakeup u:object_r:sysfs_wakeup:s0 From 5ce4700d6f22cd16dae3d37b215e304117755a69 Mon Sep 17 00:00:00 2001 From: mikeyuewang Date: Fri, 26 Apr 2024 17:02:26 +0000 Subject: [PATCH 294/321] [PMS]Add context for PixelModemService and allow the access to shared modem service. Bug: 335490443 Change-Id: Ie5c6b0191775d42d402632c46c34cafe77fe5e60 --- radio/pixel_modem_app.te | 10 ++++++++++ radio/seapp_contexts | 3 +++ 2 files changed, 13 insertions(+) create mode 100644 radio/pixel_modem_app.te diff --git a/radio/pixel_modem_app.te b/radio/pixel_modem_app.te new file mode 100644 index 0000000..2fbe536 --- /dev/null +++ b/radio/pixel_modem_app.te @@ -0,0 +1,10 @@ +# pixel_modem_app is the selinux domain for pixel_modem_service + +type pixel_modem_app, domain; + +app_domain(pixel_modem_app) + +allow pixel_modem_app app_api_service:service_manager find; + +# Allow the pixel_modem_app to find and call shared modem platform service. +hal_client_domain(pixel_modem_app, hal_shared_modem_platform) diff --git a/radio/seapp_contexts b/radio/seapp_contexts index 82d71dc..7ed10c6 100644 --- a/radio/seapp_contexts +++ b/radio/seapp_contexts @@ -32,3 +32,6 @@ user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_ # Vendor Satellite Service user=_app isPrivApp=true seinfo=platform name=com.samsung.slsi.telephony.satelliteservice domain=vendor_satellite_service levelFrom=all + +# Domain for pixel_modem_app +user=_app isPrivApp=true seinfo=platform name=com.google.android.modem.pms domain=pixel_modem_app levelFrom=all From 098fb2dabca18f5a8de910757a22ff06c27aa219 Mon Sep 17 00:00:00 2001 From: Spade Lee Date: Sun, 28 Apr 2024 17:33:28 +0000 Subject: [PATCH 295/321] sepolicy: add logbuffer_device r_file_perms avc: denied { read } for name="logbuffer_max77779fg_monitor" dev="tmpfs" ino=1034 scontext=u:r:pixelstats_vendor:s0 tcontext=u:object_r:logbuffer_device:s0 tclass=chr_file permissive=0 Bug: 335934710 Test: no denied read logbuffer Change-Id: Ie9cc3d7d0dbfc480cc8ff0bab2d600b8abf688c7 Signed-off-by: Spade Lee --- vendor/pixelstats_vendor.te | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index be979ec..71ccca3 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,3 +1,4 @@ # Pca charge allow pixelstats_vendor sysfs_pca:file rw_file_perms; +allow pixelstats_vendor logbuffer_device:chr_file r_file_perms; From 91aa5ade23b0e338268760d77c896d71b32e2b68 Mon Sep 17 00:00:00 2001 From: Chungjui Fan Date: Wed, 10 Apr 2024 14:00:15 +0000 Subject: [PATCH 296/321] lights: Add LED sysfs sepolicy Bug: 307424586 Change-Id: I5b919d56a72d98c7173004b1380ca50e3691aacc Signed-off-by: Chungjui Fan --- vendor/genfs_contexts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 8a7f1c4..54b503a 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -434,3 +434,6 @@ genfscon sysfs /devices/platform/ete5 u:object_r:sysfs_devices_cs_etm:s0 genfscon sysfs /devices/platform/ete6 u:object_r:sysfs_devices_cs_etm:s0 genfscon sysfs /devices/platform/ete7 u:object_r:sysfs_devices_cs_etm:s0 +# Privacy LED +genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0 From 4c6f1b0a8169328c01c1ef8fb5835735583659cf Mon Sep 17 00:00:00 2001 From: Priyanka Advani Date: Thu, 2 May 2024 16:28:07 +0000 Subject: [PATCH 297/321] Revert "sepolicy: Allow PixelGnss to connect to Chre HAL" Revert submission 27007604-pps_topic Reason for revert: Droid-monitor created revert due to breakages in b/338407263. Will be verifying through ABTD before submission. Reverted changes: /q/submissionid:27007604-pps_topic Change-Id: Ib66d30e7de4fe1880296d2c66a99c2e941c96135 --- vendor/hal_contexthub_default.te | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 vendor/hal_contexthub_default.te diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te deleted file mode 100644 index 6e9041a..0000000 --- a/vendor/hal_contexthub_default.te +++ /dev/null @@ -1,3 +0,0 @@ - -# Allow binder call to PixelGnss PPS function. -binder_call(hal_contexthub_default, hal_gnss_pixel) From ae01acb47579871e8bd55db8eec85695e8105f0c Mon Sep 17 00:00:00 2001 From: Darren Hsu Date: Fri, 3 May 2024 15:02:55 +0800 Subject: [PATCH 298/321] sepolicy: allow hal_power_stats to read modem sysfs node avc: denied { read } for name="link_duration" dev="sysfs" ino=50065 scontext=u:r:hal_power_stats_default:s0 tcontext=u:object_r:sysfs:s0 tclass=file permissive=0 Bug: 338278462 Test: dumpsys android.hardware.power.stats.IPowerStats/default Change-Id: I691955410fb2cc24f8a372c6176a4fb7490309c4 Signed-off-by: Darren Hsu --- vendor/genfs_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 89c6637..075267b 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -368,6 +368,7 @@ genfscon sysfs /devices/platform/acpm_stats # Power Stats genfscon sysfs /devices/platform/10c90000.hsi2c/i2c-9/9-0008/power_stats u:object_r:sysfs_power_stats:s0 +genfscon sysfs /devices/platform/12100000.pcie/link_duration u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/12100000.pcie/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/13120000.pcie/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 From fc41724a97c40ab4fcb4910832954042cf433daf Mon Sep 17 00:00:00 2001 From: Nicole Lee Date: Thu, 2 May 2024 06:03:06 +0000 Subject: [PATCH 299/321] Allows modem_svc to read the logging related properties avc: denied { read } for comm="modem_svc_sit" name="u:object_r:vendor_logger_prop:s0" dev="tmpfs" ino=417 scontext=u:r:modem_svc_sit:s0 tcontext=u:object_r:vendor_logger_prop:s0 tclass=file permissive=0 Bug: 337184337 Change-Id: I806eee53b4ed0414b08f6203fb07958d6e0e4be1 --- radio/modem_svc_sit.te | 3 +++ 1 file changed, 3 insertions(+) diff --git a/radio/modem_svc_sit.te b/radio/modem_svc_sit.te index aeb09b3..b5eda31 100644 --- a/radio/modem_svc_sit.te +++ b/radio/modem_svc_sit.te @@ -30,6 +30,9 @@ get_prop(modem_svc_sit, vendor_rild_prop) # Modem property set_prop(modem_svc_sit, vendor_modem_prop) +# logging property +get_prop(modem_svc_sit, vendor_logger_prop) + # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) From e2546691fe9b2a0c723a6739273f603a87ed3766 Mon Sep 17 00:00:00 2001 From: Wayne Lin Date: Sat, 17 Feb 2024 12:33:09 +0800 Subject: [PATCH 300/321] gps: maintain one solution Bug: 315915958 Test: build pass and GPS function works Change-Id: I15572cbfc9bc4aa5ca966a7905c6aac63bc972d5 --- legacy/zuma/vendor/system_server.te | 2 -- radio/device.te | 1 - radio/file.te | 1 - radio/genfs_contexts | 3 --- radio/gpsd.te | 7 ------- radio/property.te | 1 - radio/property_contexts | 4 ---- radio/rild.te | 1 - 8 files changed, 20 deletions(-) delete mode 100644 radio/gpsd.te diff --git a/legacy/zuma/vendor/system_server.te b/legacy/zuma/vendor/system_server.te index 853e3cf..ba41aa7 100644 --- a/legacy/zuma/vendor/system_server.te +++ b/legacy/zuma/vendor/system_server.te @@ -1,5 +1,3 @@ -# Allow system server to send sensor data callbacks to GPS -binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); allow system_server arm_mali_platform_service:service_manager find; diff --git a/radio/device.te b/radio/device.te index f3df48a..2f1aff7 100644 --- a/radio/device.te +++ b/radio/device.te @@ -1,4 +1,3 @@ type modem_block_device, dev_type; -type vendor_gnss_device, dev_type; type modem_userdata_block_device, dev_type; type efs_block_device, dev_type; diff --git a/radio/file.te b/radio/file.te index 798af08..aea790e 100644 --- a/radio/file.te +++ b/radio/file.te @@ -6,7 +6,6 @@ type vendor_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type vendor_slog_file, file_type, data_file_type; userdebug_or_eng(` - typeattribute vendor_gps_file mlstrustedobject; typeattribute vendor_slog_file mlstrustedobject; ') diff --git a/radio/genfs_contexts b/radio/genfs_contexts index d166b2a..d45d42f 100644 --- a/radio/genfs_contexts +++ b/radio/genfs_contexts @@ -4,9 +4,6 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 -# GPS -genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 - # Modem genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 genfscon sysfs /devices/platform/cpif/dynamic_pcie_spd/tp_threshold u:object_r:sysfs_modem:s0 diff --git a/radio/gpsd.te b/radio/gpsd.te deleted file mode 100644 index 79bf4ca..0000000 --- a/radio/gpsd.te +++ /dev/null @@ -1,7 +0,0 @@ -type gpsd, domain; -type gpsd_exec, vendor_file_type, exec_type, file_type; -# Allow gpsd access PixelLogger unix socket in debug build only -userdebug_or_eng(` - typeattribute gpsd mlstrustedsubject; - allow gpsd logger_app:unix_stream_socket connectto; -') diff --git a/radio/property.te b/radio/property.te index b4a6aa1..7c4d2ca 100644 --- a/radio/property.te +++ b/radio/property.te @@ -11,7 +11,6 @@ vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_imssvc_prop) vendor_internal_prop(vendor_ims_tiss_prop) -vendor_internal_prop(vendor_gps_prop) vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app diff --git a/radio/property_contexts b/radio/property_contexts index 549c745..013aad5 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -55,10 +55,6 @@ vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0 # for vendor telephony debug app vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0 -# for gps -vendor.gps. u:object_r:vendor_gps_prop:s0 -persist.vendor.gps. u:object_r:vendor_gps_prop:s0 - # Tcpdump_logger persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 diff --git a/radio/rild.te b/radio/rild.te index d2c526d..535a6b4 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -21,7 +21,6 @@ allow rild mnt_vendor_file:dir r_dir_perms; r_dir_file(rild, modem_img_file) binder_call(rild, bipchmgr) -binder_call(rild, gpsd) binder_call(rild, hal_audio_default) binder_call(rild, modem_svc_sit) binder_call(rild, vendor_ims_app) From 89a73294a0dfedad5b5cabbe28652653de455898 Mon Sep 17 00:00:00 2001 From: Wayne Lin Date: Sat, 17 Feb 2024 12:33:09 +0800 Subject: [PATCH 301/321] gps: maintain one solution Bug: 315915958 Test: build pass and GPS function works Change-Id: I15572cbfc9bc4aa5ca966a7905c6aac63bc972d5 Merged-In: I15572cbfc9bc4aa5ca966a7905c6aac63bc972d5 --- legacy/zuma/vendor/system_server.te | 2 -- radio/device.te | 1 - radio/file.te | 1 - radio/genfs_contexts | 3 --- radio/gpsd.te | 7 ------- radio/property.te | 1 - radio/property_contexts | 4 ---- radio/rild.te | 1 - 8 files changed, 20 deletions(-) delete mode 100644 radio/gpsd.te diff --git a/legacy/zuma/vendor/system_server.te b/legacy/zuma/vendor/system_server.te index 853e3cf..ba41aa7 100644 --- a/legacy/zuma/vendor/system_server.te +++ b/legacy/zuma/vendor/system_server.te @@ -1,5 +1,3 @@ -# Allow system server to send sensor data callbacks to GPS -binder_call(system_server, gpsd); binder_call(system_server, hal_camera_default); allow system_server arm_mali_platform_service:service_manager find; diff --git a/radio/device.te b/radio/device.te index f3df48a..2f1aff7 100644 --- a/radio/device.te +++ b/radio/device.te @@ -1,4 +1,3 @@ type modem_block_device, dev_type; -type vendor_gnss_device, dev_type; type modem_userdata_block_device, dev_type; type efs_block_device, dev_type; diff --git a/radio/file.te b/radio/file.te index 798af08..aea790e 100644 --- a/radio/file.te +++ b/radio/file.te @@ -6,7 +6,6 @@ type vendor_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type vendor_slog_file, file_type, data_file_type; userdebug_or_eng(` - typeattribute vendor_gps_file mlstrustedobject; typeattribute vendor_slog_file mlstrustedobject; ') diff --git a/radio/genfs_contexts b/radio/genfs_contexts index d166b2a..d45d42f 100644 --- a/radio/genfs_contexts +++ b/radio/genfs_contexts @@ -4,9 +4,6 @@ genfscon sysfs /devices/platform/sjtag_gsa/interface u:obje genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 -# GPS -genfscon sysfs /devices/platform/111e0000.spi/spi_master/spi21/spi21.0/nstandby u:object_r:sysfs_gps:s0 - # Modem genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 genfscon sysfs /devices/platform/cpif/dynamic_pcie_spd/tp_threshold u:object_r:sysfs_modem:s0 diff --git a/radio/gpsd.te b/radio/gpsd.te deleted file mode 100644 index 79bf4ca..0000000 --- a/radio/gpsd.te +++ /dev/null @@ -1,7 +0,0 @@ -type gpsd, domain; -type gpsd_exec, vendor_file_type, exec_type, file_type; -# Allow gpsd access PixelLogger unix socket in debug build only -userdebug_or_eng(` - typeattribute gpsd mlstrustedsubject; - allow gpsd logger_app:unix_stream_socket connectto; -') diff --git a/radio/property.te b/radio/property.te index 4a2cc46..f54ff9b 100644 --- a/radio/property.te +++ b/radio/property.te @@ -10,7 +10,6 @@ vendor_internal_prop(vendor_gril_prop) vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) vendor_internal_prop(vendor_imssvc_prop) -vendor_internal_prop(vendor_gps_prop) vendor_internal_prop(vendor_tcpdump_log_prop) # Telephony debug app diff --git a/radio/property_contexts b/radio/property_contexts index 3f2c917..031cd07 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -52,10 +52,6 @@ vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0 # for vendor telephony debug app vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0 -# for gps -vendor.gps. u:object_r:vendor_gps_prop:s0 -persist.vendor.gps. u:object_r:vendor_gps_prop:s0 - # Tcpdump_logger persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 diff --git a/radio/rild.te b/radio/rild.te index d2c526d..535a6b4 100644 --- a/radio/rild.te +++ b/radio/rild.te @@ -21,7 +21,6 @@ allow rild mnt_vendor_file:dir r_dir_perms; r_dir_file(rild, modem_img_file) binder_call(rild, bipchmgr) -binder_call(rild, gpsd) binder_call(rild, hal_audio_default) binder_call(rild, modem_svc_sit) binder_call(rild, vendor_ims_app) From bbf5ed6dbdf2e532a96a3dd0863f481aa995d3f8 Mon Sep 17 00:00:00 2001 From: chenkris Date: Wed, 20 Mar 2024 10:21:00 +0000 Subject: [PATCH 302/321] Allow fingerprint to access the folder /data/vendor/fingerprint Fix the following avc denial: android.hardwar: type=1400 audit(0.0:20): avc: denied { write } for name="fingerprint" dev="dm-56" ino=36703 scontext=u:r:hal_fingerprint_default:s0 tcontext=u:object_r:vendor_data_file:s0 tclass=dir permissive=0 Bug: 267766859 Test: Tested fingerprint under enforcing mode Change-Id: Ib1ec4f13b24a511f056012168ff8919107c6c1dd --- vendor/file_contexts | 1 + 1 file changed, 1 insertion(+) diff --git a/vendor/file_contexts b/vendor/file_contexts index 3cec364..fbdf809 100644 --- a/vendor/file_contexts +++ b/vendor/file_contexts @@ -170,3 +170,4 @@ /data/vendor/bluetooth(/.*)? u:object_r:vendor_bt_data_file:s0 /data/vendor/chre(/.*)? u:object_r:chre_data_file:s0 /data/vendor/misc/qti_fp(/.*)? u:object_r:vendor_fingerprint_data_file:s0 +/data/vendor/fingerprint(/.*)? u:object_r:fingerprint_vendor_data_file:s0 From 85e79a073462c9d37fdb7b112d8450df27e01716 Mon Sep 17 00:00:00 2001 From: Burney Yu Date: Thu, 25 Apr 2024 15:38:44 +0800 Subject: [PATCH 303/321] Allow hwc to access te_rate_hz & te_option Bug: 315094023 Test: can access sysfs node te_rate_hz & te_option Change-Id: Ib2f657560dcbab5a96a26dfa98e2f3a477702e00 --- vendor/genfs_contexts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 4b0ca26..7dd261d 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -361,7 +361,8 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/serial_numb genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/panel_model u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/refresh_ctrl u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_info u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_option u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te_rate_hz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/time_in_state u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19470000.drmdecon/hibernation u:object_r:sysfs_display:s0 From b5833b7ddf3a649c4740373766fb7169e72bf249 Mon Sep 17 00:00:00 2001 From: Weizhung Ding Date: Thu, 9 May 2024 08:25:08 +0000 Subject: [PATCH 304/321] add sysfs access permission on Zumapro devices. Bug: 339598226 Test: build and check log Change-Id: Ia7a7f0f8a5ffc63ab52f41d7a012260d73c54153 --- vendor/genfs_contexts | 13 +++++++++++++ vendor/pixelstats_vendor.te | 4 ++++ 2 files changed, 17 insertions(+) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index e6b0146..343474f 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -364,6 +364,19 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_negotiation_failures u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_read_failures u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/dpcd_read_failures u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_invalid_failures u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/sink_count_invalid_failures u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_unstable_failures u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/hdcp/hdcp2_success_count u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/hdcp/hdcp2_fallback_count u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/hdcp/hdcp2_fail_count u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/hdcp/hdcp1_success_count u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0 + # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 diff --git a/vendor/pixelstats_vendor.te b/vendor/pixelstats_vendor.te index 71ccca3..ff183b3 100644 --- a/vendor/pixelstats_vendor.te +++ b/vendor/pixelstats_vendor.te @@ -1,3 +1,7 @@ +# Display +r_dir_file(pixelstats_vendor, sysfs_display) +allow pixelstats_vendor sysfs_display:lnk_file r_file_perms; + # Pca charge allow pixelstats_vendor sysfs_pca:file rw_file_perms; From 32a69c8d11c7aa7e217b58eafe4bde1b02ceb3db Mon Sep 17 00:00:00 2001 From: Weizhung Ding Date: Thu, 12 Oct 2023 12:13:14 +0000 Subject: [PATCH 305/321] Add HWC permission to access IStats AIDL avc: denied { call } for scontext=u:r:hal_graphics_composer_default:s0 tcontext=u:r:system_server:s0 tclass=binder permissive=0 Bug: 339598226 Test: Build and check log Change-Id: I7e5ec165df0d397250b09f5981c1f45aea27bd4c --- vendor/hal_graphics_composer_default.te | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/vendor/hal_graphics_composer_default.te b/vendor/hal_graphics_composer_default.te index 4035a57..39dc7ee 100644 --- a/vendor/hal_graphics_composer_default.te +++ b/vendor/hal_graphics_composer_default.te @@ -45,3 +45,7 @@ allow hal_graphics_composer_default vendor_log_file:dir search; # allow HWC to access powerstats allow hal_graphics_composer_default hal_power_stats_vendor_service:service_manager find; binder_call(hal_graphics_composer_default, hal_power_stats_default) + +# allow HWC to access IStats AIDL +allow hal_graphics_composer_default fwk_stats_service:service_manager find; +binder_call(hal_graphics_composer_default, system_server); From b9181de2eae7adffe978f12ddb85b668551fc528 Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Mon, 1 Apr 2024 08:14:30 +0000 Subject: [PATCH 306/321] sepolicy: allow hal_gnss_pixel to connect to hal_contexthub_default avc: denied { call } for scontext=u:r:hal_contexthub_default:s0 tcontext=u:r:hal_gnss_pixel:s0 tclass=binder permissive=0 Bug: 339391267 Test: Verified the boot health at b/339391267#comment21. Test: Verified the boot health at b/339391267#comment22. Change-Id: I109d03e52f6576328b92ec0b18041da8fac502eb --- vendor/hal_contexthub_default.te | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 vendor/hal_contexthub_default.te diff --git a/vendor/hal_contexthub_default.te b/vendor/hal_contexthub_default.te new file mode 100644 index 0000000..6e9041a --- /dev/null +++ b/vendor/hal_contexthub_default.te @@ -0,0 +1,3 @@ + +# Allow binder call to PixelGnss PPS function. +binder_call(hal_contexthub_default, hal_gnss_pixel) From 924e6c6cd3ad8b0b37a20f28bb9e0f8d262b5b32 Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 14 May 2024 03:02:11 +0000 Subject: [PATCH 307/321] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 340369535 Bug: 338347525 Change-Id: I0d70966f03b0207388388fbc47e45de55a7385c3 --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 346638e..a07f071 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -2,6 +2,8 @@ dump_display sysfs file b/322917055 dumpstate image_processing_hal binder b/322916328 dumpstate image_processing_server binder b/322916328 +hal_audio_default fwk_stats_service service_manager b/340369535 +hal_audio_default traced_producer_socket sock_file b/340369535 hal_gnss_default vendor_gps_prop file b/318310869 incidentd incidentd anon_inode b/322917075 sctd sctd tcp_socket b/309550514 @@ -9,3 +11,4 @@ sctd swcnd unix_stream_socket b/309550514 sctd vendor_persist_config_default_prop file b/309550514 spad spad unix_stream_socket b/309550905 swcnd swcnd unix_stream_socket b/309551062 +shell sysfs_net file b/338347525 From b65f4dacb291a3f3e32e4bba10c7a71b1c0d4aec Mon Sep 17 00:00:00 2001 From: Wilson Sung Date: Tue, 14 May 2024 03:02:11 +0000 Subject: [PATCH 308/321] Update SELinux error Test: SELinuxUncheckedDenialBootTest Bug: 340369535 Bug: 338347525 Merged-In: I0d70966f03b0207388388fbc47e45de55a7385c3 Change-Id: I0d70966f03b0207388388fbc47e45de55a7385c3 (cherry picked from commit 924e6c6cd3ad8b0b37a20f28bb9e0f8d262b5b32) --- tracking_denials/bug_map | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map index 346638e..a07f071 100644 --- a/tracking_denials/bug_map +++ b/tracking_denials/bug_map @@ -2,6 +2,8 @@ dump_display sysfs file b/322917055 dumpstate image_processing_hal binder b/322916328 dumpstate image_processing_server binder b/322916328 +hal_audio_default fwk_stats_service service_manager b/340369535 +hal_audio_default traced_producer_socket sock_file b/340369535 hal_gnss_default vendor_gps_prop file b/318310869 incidentd incidentd anon_inode b/322917075 sctd sctd tcp_socket b/309550514 @@ -9,3 +11,4 @@ sctd swcnd unix_stream_socket b/309550514 sctd vendor_persist_config_default_prop file b/309550514 spad spad unix_stream_socket b/309550905 swcnd swcnd unix_stream_socket b/309551062 +shell sysfs_net file b/338347525 From 3ef50e762f42bd690421cdab25425e0248b72211 Mon Sep 17 00:00:00 2001 From: Frank Yu Date: Fri, 17 May 2024 07:42:22 +0000 Subject: [PATCH 309/321] Update sepolicy for all device that use radioext 1.7 interface. Bug: 340791912 Test: v2/pixel-health-guard/device-boot-health-check-extra Change-Id: Icd7b482d88f52fbde6b281ef58857bfa6a9edea8 --- radio/grilservice_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/grilservice_app.te b/radio/grilservice_app.te index 9e9eea4..cb4eec8 100644 --- a/radio/grilservice_app.te +++ b/radio/grilservice_app.te @@ -11,6 +11,7 @@ allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find; allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find; allow grilservice_app radio_vendor_data_file:dir create_dir_perms; allow grilservice_app radio_vendor_data_file:file create_file_perms; +allow grilservice_app gril_antenna_tuning_service:service_manager find; binder_call(grilservice_app, hal_bluetooth_btlinux) binder_call(grilservice_app, hal_radioext_default) binder_call(grilservice_app, hal_wifi_ext) From ff802c138e903eeb81bb5f251a26e3a4ac34b34e Mon Sep 17 00:00:00 2001 From: Roy Luo Date: Wed, 22 May 2024 00:48:39 +0000 Subject: [PATCH 310/321] Support sending vendor command to GL852G via libusbhost libusbhost need access to USB device fs. Bug: 261923350 Bug: 340665903 Test: no audit log in logcat after command execution Change-Id: I4b0c8cc750eff12d2494504f9f215d5b1bab35fd --- vendor/hal_usb_impl.te | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/vendor/hal_usb_impl.te b/vendor/hal_usb_impl.te index 99644e8..2ec4888 100644 --- a/vendor/hal_usb_impl.te +++ b/vendor/hal_usb_impl.te @@ -21,3 +21,8 @@ allow hal_usb_impl fwk_stats_service:service_manager find; # For reading the usb-c throttling stats allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms; + +# For issuing vendor commands to USB hub via libusbhost +allow hal_usb_impl device:dir r_dir_perms; +allow hal_usb_impl usb_device:chr_file rw_file_perms; +allow hal_usb_impl usb_device:dir r_dir_perms; From 48326b2e0bf10745abd5770f222a07798dd7877e Mon Sep 17 00:00:00 2001 From: Cheng Gu Date: Tue, 28 May 2024 15:29:14 -0700 Subject: [PATCH 311/321] Update SELinux error Bug: 317754251 Test: adb reboot and observe log Change-Id: I7dcf9782ce2be632410e956871f74e874ddaf3a1 --- tracking_denials/vendor_init.te | 2 -- 1 file changed, 2 deletions(-) diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te index 1e84764..4846678 100644 --- a/tracking_denials/vendor_init.te +++ b/tracking_denials/vendor_init.te @@ -1,7 +1,5 @@ # b/317316031 dontaudit vendor_init debugfs_trace_marker:file { getattr }; dontaudit vendor_init default_prop:property_service { set }; -# b/317754251 -dontaudit vendor_init vendor_camera_debug_prop:property_service { set }; # b/322035750 dontaudit vendor_init vendor_gps_prop:property_service { set }; From a9766745d1e822b8a7b7efbfe2165049b2a0d1cd Mon Sep 17 00:00:00 2001 From: emilchung Date: Tue, 28 May 2024 20:15:47 +0800 Subject: [PATCH 312/321] Remove tracking denials of hal_sensors_default. Fix: 308381687 Test: no avc denied of hal_sensors_default Change-Id: I19305dc921ae96752c4213cc284d4f578bac07a2 --- tracking_denials/hal_sensors_default.te | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 tracking_denials/hal_sensors_default.te diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te deleted file mode 100644 index db925a3..0000000 --- a/tracking_denials/hal_sensors_default.te +++ /dev/null @@ -1,2 +0,0 @@ -# b/308381687 -dontaudit hal_sensors_default sysfs_leds:file { write }; From 785df18f1e607fc3a97855853c52de9035fb67bf Mon Sep 17 00:00:00 2001 From: mikeyuewang Date: Mon, 3 Jun 2024 18:54:26 +0000 Subject: [PATCH 313/321] Grant the Pixel Modem Service access to the SubscriptionManager. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bug: 344624813 avc denial: avc: denied { find } for pid=2372 uid=10303 name=isub scontext=u:r:pixel_modem_app:s0:c47,c257,c512,c768 tcontext=u:object_r:radio_service:s0 tclass=service_manager permissive=0 Change-Id: I2e74ae8b364a30895e2769504efcd604f19adfa7 --- radio/pixel_modem_app.te | 1 + 1 file changed, 1 insertion(+) diff --git a/radio/pixel_modem_app.te b/radio/pixel_modem_app.te index 2fbe536..85a2628 100644 --- a/radio/pixel_modem_app.te +++ b/radio/pixel_modem_app.te @@ -5,6 +5,7 @@ type pixel_modem_app, domain; app_domain(pixel_modem_app) allow pixel_modem_app app_api_service:service_manager find; +allow pixel_modem_app radio_service:service_manager find; # Allow the pixel_modem_app to find and call shared modem platform service. hal_client_domain(pixel_modem_app, hal_shared_modem_platform) From 26efc37a3daea74dfdf6dd40a918de486887f81a Mon Sep 17 00:00:00 2001 From: Kiwon Park Date: Wed, 5 Jun 2024 14:40:00 -0700 Subject: [PATCH 314/321] Add setupwizard_feature_prop as one of properties allowed to be read 06-05 20:45:54.890420 root 351 351 W libc : Unable to set property "setupwizard.feature.provisioning_profile_mode" to "true": error code: 0x18 06-05 20:45:54.894967 root 350 350 E init : Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:351: SELinux permission check failed Test: manual Bug: 336903409 Change-Id: I7282cfdbd621dd0e77f08c8ff7287f9693fa060a --- system_ext/private/gmscore_app.te | 2 ++ system_ext/private/priv_app.te | 2 ++ system_ext/private/property_contexts | 3 +++ system_ext/public/property.te | 3 +++ vendor/vendor_init.te | 2 ++ 5 files changed, 12 insertions(+) create mode 100644 system_ext/private/gmscore_app.te create mode 100644 system_ext/private/priv_app.te diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te new file mode 100644 index 0000000..4dc1639 --- /dev/null +++ b/system_ext/private/gmscore_app.te @@ -0,0 +1,2 @@ +# Allow to read setupwizard_feature_prop +get_prop(gmscore_app, setupwizard_feature_prop) diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te new file mode 100644 index 0000000..90bc371 --- /dev/null +++ b/system_ext/private/priv_app.te @@ -0,0 +1,2 @@ +# Allow to read setupwizard_feature_prop +get_prop(priv_app, setupwizard_feature_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 22683bd..e7d4b3b 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -6,3 +6,6 @@ telephony.ril.ntn_demo_mode u:object_r:telephony_ntn_demo_mode_prop:s0 exact b # HDCP setting of the display connected via USB port persist.sys.hdcp_checking u:object_r:usb_control_prop:s0 exact string + +# setupwizard +setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0 diff --git a/system_ext/public/property.te b/system_ext/public/property.te index e492369..f1b73f0 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -7,3 +7,6 @@ system_restricted_prop(telephony_ntn_demo_mode_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) ') + +# setupwizard +system_public_prop(setupwizard_feature_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 7a8ec91..21d3425 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -8,3 +8,5 @@ userdebug_or_eng(` set_prop(vendor_init, vendor_imssvc_prop) ') +# setupwizard +set_prop(vendor_init, setupwizard_feature_prop) From 070be283a741f99a341f1125718951226b51a91c Mon Sep 17 00:00:00 2001 From: Kiwon Park Date: Wed, 5 Jun 2024 14:40:00 -0700 Subject: [PATCH 315/321] Add setupwizard_feature_prop as one of properties allowed to be read 06-05 20:45:54.890420 root 351 351 W libc : Unable to set property "setupwizard.feature.provisioning_profile_mode" to "true": error code: 0x18 06-05 20:45:54.894967 root 350 350 E init : Unable to set property 'setupwizard.feature.provisioning_profile_mode' from uid:0 gid:0 pid:351: SELinux permission check failed Test: manual Bug: 336903409 Change-Id: I7282cfdbd621dd0e77f08c8ff7287f9693fa060a Merged-In: I7282cfdbd621dd0e77f08c8ff7287f9693fa060a --- system_ext/private/gmscore_app.te | 2 ++ system_ext/private/priv_app.te | 2 ++ system_ext/private/property_contexts | 3 +++ system_ext/public/property.te | 3 +++ vendor/vendor_init.te | 3 +++ 5 files changed, 13 insertions(+) create mode 100644 system_ext/private/gmscore_app.te create mode 100644 system_ext/private/priv_app.te diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te new file mode 100644 index 0000000..4dc1639 --- /dev/null +++ b/system_ext/private/gmscore_app.te @@ -0,0 +1,2 @@ +# Allow to read setupwizard_feature_prop +get_prop(gmscore_app, setupwizard_feature_prop) diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te new file mode 100644 index 0000000..90bc371 --- /dev/null +++ b/system_ext/private/priv_app.te @@ -0,0 +1,2 @@ +# Allow to read setupwizard_feature_prop +get_prop(priv_app, setupwizard_feature_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 56360e3..93a16ad 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -3,3 +3,6 @@ telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum nt telephony.ril.modem_bin_status u:object_r:telephony_modemtype_prop:s0 exact uint telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool telephony.ril.ntn_demo_mode u:object_r:telephony_ntn_demo_mode_prop:s0 exact bool + +# setupwizard +setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0 diff --git a/system_ext/public/property.te b/system_ext/public/property.te index e492369..f1b73f0 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -7,3 +7,6 @@ system_restricted_prop(telephony_ntn_demo_mode_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) ') + +# setupwizard +system_public_prop(setupwizard_feature_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 4dcc237..b1c1536 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -6,3 +6,6 @@ allow vendor_init tee_data_file:lnk_file read; # MM allow vendor_init proc_compaction_proactiveness:file w_file_perms; allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; + +# setupwizard +set_prop(vendor_init, setupwizard_feature_prop) From 8fa884d01c2c7684b991e8ca3eb3314e2020b900 Mon Sep 17 00:00:00 2001 From: Cheng Chang Date: Wed, 29 May 2024 09:00:55 +0000 Subject: [PATCH 316/321] gps: Move type declaration to device folder Bug: 343280252 Test: b/343280252 compile and abtd test Change-Id: I492ea0b14953cf5b0111ac70bf82240522a15494 --- radio/file.te | 3 +++ radio/property.te | 1 + radio/property_contexts | 4 ++++ vendor/hal_gnss_pixel.te | 4 ++++ 4 files changed, 12 insertions(+) create mode 100644 vendor/hal_gnss_pixel.te diff --git a/radio/file.te b/radio/file.te index aea790e..a79dfcc 100644 --- a/radio/file.te +++ b/radio/file.te @@ -2,11 +2,14 @@ type rild_vendor_data_file, file_type, data_file_type; type modem_ml_data_file, file_type, data_file_type; type modem_stat_data_file, file_type, data_file_type; +type sysfs_gps, sysfs_type, fs_type; +type vendor_gps_file, file_type, data_file_type; type vendor_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type vendor_slog_file, file_type, data_file_type; userdebug_or_eng(` typeattribute vendor_slog_file mlstrustedobject; + typeattribute vendor_gps_file mlstrustedobject; ') # persist diff --git a/radio/property.te b/radio/property.te index f54ff9b..dcfee41 100644 --- a/radio/property.te +++ b/radio/property.te @@ -6,6 +6,7 @@ vendor_internal_prop(vendor_persist_config_default_prop) vendor_internal_prop(vendor_diag_prop) vendor_internal_prop(vendor_modem_prop) vendor_internal_prop(vendor_rild_prop) +vendor_internal_prop(vendor_gps_prop) vendor_internal_prop(vendor_gril_prop) vendor_internal_prop(vendor_ssrdump_prop) vendor_internal_prop(vendor_wifi_version) diff --git a/radio/property_contexts b/radio/property_contexts index 031cd07..3f2c917 100644 --- a/radio/property_contexts +++ b/radio/property_contexts @@ -52,6 +52,10 @@ vendor.wlan.firmware.version u:object_r:vendor_wifi_version:s0 # for vendor telephony debug app vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0 +# for gps +vendor.gps. u:object_r:vendor_gps_prop:s0 +persist.vendor.gps. u:object_r:vendor_gps_prop:s0 + # Tcpdump_logger persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 diff --git a/vendor/hal_gnss_pixel.te b/vendor/hal_gnss_pixel.te new file mode 100644 index 0000000..1206ac1 --- /dev/null +++ b/vendor/hal_gnss_pixel.te @@ -0,0 +1,4 @@ +type hal_gnss_pixel, domain; +init_daemon_domain(hal_gnss_pixel) +type hal_gnss_pixel_exec, exec_type, vendor_file_type, file_type; +hal_server_domain(hal_gnss_pixel, hal_gnss) From 33de53de689fe048f2879d8773dd673997afee6d Mon Sep 17 00:00:00 2001 From: Kiwon Park Date: Thu, 13 Jun 2024 17:24:30 +0000 Subject: [PATCH 317/321] Revert "Add setupwizard_feature_prop as one of properties allowed to be read" This reverts commit 26efc37a3daea74dfdf6dd40a918de486887f81a. Reason for revert: Doesn't fix the issues in factory testing Change-Id: I8c8473f5a9c0cf9c53a95943101976d4b7103580 --- system_ext/private/gmscore_app.te | 2 -- system_ext/private/priv_app.te | 2 -- system_ext/private/property_contexts | 3 --- system_ext/public/property.te | 3 --- vendor/vendor_init.te | 2 -- 5 files changed, 12 deletions(-) delete mode 100644 system_ext/private/gmscore_app.te delete mode 100644 system_ext/private/priv_app.te diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te deleted file mode 100644 index 4dc1639..0000000 --- a/system_ext/private/gmscore_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow to read setupwizard_feature_prop -get_prop(gmscore_app, setupwizard_feature_prop) diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te deleted file mode 100644 index 90bc371..0000000 --- a/system_ext/private/priv_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow to read setupwizard_feature_prop -get_prop(priv_app, setupwizard_feature_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index e7d4b3b..22683bd 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -6,6 +6,3 @@ telephony.ril.ntn_demo_mode u:object_r:telephony_ntn_demo_mode_prop:s0 exact b # HDCP setting of the display connected via USB port persist.sys.hdcp_checking u:object_r:usb_control_prop:s0 exact string - -# setupwizard -setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0 diff --git a/system_ext/public/property.te b/system_ext/public/property.te index f1b73f0..e492369 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -7,6 +7,3 @@ system_restricted_prop(telephony_ntn_demo_mode_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) ') - -# setupwizard -system_public_prop(setupwizard_feature_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index 21d3425..7a8ec91 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -8,5 +8,3 @@ userdebug_or_eng(` set_prop(vendor_init, vendor_imssvc_prop) ') -# setupwizard -set_prop(vendor_init, setupwizard_feature_prop) From 8a95fcc899d04e26ad07e8cbd94f3d72df2eb33d Mon Sep 17 00:00:00 2001 From: Achigo Liu Date: Thu, 13 Jun 2024 16:23:50 +0000 Subject: [PATCH 318/321] Revert "Add setupwizard_feature_prop as one of properties allowe..." Revert submission 27717640-bootstrap Reason for revert: mount vendor partition failed when OTA Reverted changes: /q/submissionid:27717640-bootstrap Change-Id: I8602fb3b435af864061b0c0f4f742684e228f34e Merged-In: I8c8473f5a9c0cf9c53a95943101976d4b7103580 --- system_ext/private/gmscore_app.te | 2 -- system_ext/private/priv_app.te | 2 -- system_ext/private/property_contexts | 3 --- system_ext/public/property.te | 3 --- vendor/vendor_init.te | 3 --- 5 files changed, 13 deletions(-) delete mode 100644 system_ext/private/gmscore_app.te delete mode 100644 system_ext/private/priv_app.te diff --git a/system_ext/private/gmscore_app.te b/system_ext/private/gmscore_app.te deleted file mode 100644 index 4dc1639..0000000 --- a/system_ext/private/gmscore_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow to read setupwizard_feature_prop -get_prop(gmscore_app, setupwizard_feature_prop) diff --git a/system_ext/private/priv_app.te b/system_ext/private/priv_app.te deleted file mode 100644 index 90bc371..0000000 --- a/system_ext/private/priv_app.te +++ /dev/null @@ -1,2 +0,0 @@ -# Allow to read setupwizard_feature_prop -get_prop(priv_app, setupwizard_feature_prop) diff --git a/system_ext/private/property_contexts b/system_ext/private/property_contexts index 93a16ad..56360e3 100644 --- a/system_ext/private/property_contexts +++ b/system_ext/private/property_contexts @@ -3,6 +3,3 @@ telephony.TnNtn.image_switch u:object_r:telephony_modem_prop:s0 exact enum nt telephony.ril.modem_bin_status u:object_r:telephony_modemtype_prop:s0 exact uint telephony.ril.silent_reset u:object_r:telephony_ril_prop:s0 exact bool telephony.ril.ntn_demo_mode u:object_r:telephony_ntn_demo_mode_prop:s0 exact bool - -# setupwizard -setupwizard.feature.provisioning_profile_mode u:object_r:setupwizard_feature_prop:s0 diff --git a/system_ext/public/property.te b/system_ext/public/property.te index f1b73f0..e492369 100644 --- a/system_ext/public/property.te +++ b/system_ext/public/property.te @@ -7,6 +7,3 @@ system_restricted_prop(telephony_ntn_demo_mode_prop) userdebug_or_eng(` set_prop(shell, telephony_ril_prop) ') - -# setupwizard -system_public_prop(setupwizard_feature_prop) diff --git a/vendor/vendor_init.te b/vendor/vendor_init.te index b1c1536..4dcc237 100644 --- a/vendor/vendor_init.te +++ b/vendor/vendor_init.te @@ -6,6 +6,3 @@ allow vendor_init tee_data_file:lnk_file read; # MM allow vendor_init proc_compaction_proactiveness:file w_file_perms; allow vendor_init proc_percpu_pagelist_high_fraction:file w_file_perms; - -# setupwizard -set_prop(vendor_init, setupwizard_feature_prop) From a6a8f7698f219226949c6e02d4bb803186e52831 Mon Sep 17 00:00:00 2001 From: Jeremy DeHaan Date: Wed, 12 Jun 2024 16:33:59 -0700 Subject: [PATCH 319/321] Allow HWC to access frame_rate node Flag: EXEMPT bugfix Bug: 346461765 Signed-off-by: Jeremy DeHaan (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b3d863d5520308d2af21042b38075f321349f159) Merged-In: Id7b3195e76cdce3e612eb9c9d177af24145e70a2 Change-Id: Id7b3195e76cdce3e612eb9c9d177af24145e70a2 --- vendor/genfs_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 31066c0..5bc0605 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -375,6 +375,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_negotiation_failures u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_read_failures u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/dpcd_read_failures u:object_r:sysfs_display:s0 @@ -388,7 +389,6 @@ genfscon sysfs /devices/platform/hdcp/hdcp1_success_count genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0 - # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 From 41e0466f0c8589fde50151de8f493d62136a950b Mon Sep 17 00:00:00 2001 From: Neha Jain Date: Thu, 18 Jul 2024 06:47:41 +0000 Subject: [PATCH 320/321] Revert "Allow HWC to access frame_rate node" This reverts commit a6a8f7698f219226949c6e02d4bb803186e52831. Reason for revert: build break (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:b47f7ee5f85828e92f2281860e4cdbc75b851f4b) Merged-In: I1e997bacdd1b1507867cde353d0953adfb881250 Change-Id: I1e997bacdd1b1507867cde353d0953adfb881250 --- vendor/genfs_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 5bc0605..31066c0 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -375,7 +375,6 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0 -genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_negotiation_failures u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_read_failures u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/dpcd_read_failures u:object_r:sysfs_display:s0 @@ -389,6 +388,7 @@ genfscon sysfs /devices/platform/hdcp/hdcp1_success_count genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0 + # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 From bc59de7fe8a4c5021d9852e13984e5b6780c5ea2 Mon Sep 17 00:00:00 2001 From: Jeremy DeHaan Date: Wed, 12 Jun 2024 16:33:59 -0700 Subject: [PATCH 321/321] Allow HWC to access frame_rate node Flag: EXEMPT bugfix Bug: 346461765 Signed-off-by: Jeremy DeHaan (cherry picked from commit b3d863d5520308d2af21042b38075f321349f159) (cherry picked from commit d5304a11449e1fdf9faf17dfee955b5c40fbb8be) (cherry picked from https://googleplex-android-review.googlesource.com/q/commit:23199995aa113db6bc1fd8d1e3ae53742ac14d82) Merged-In: Id7b3195e76cdce3e612eb9c9d177af24145e70a2 Change-Id: Id7b3195e76cdce3e612eb9c9d177af24145e70a2 --- vendor/genfs_contexts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vendor/genfs_contexts b/vendor/genfs_contexts index 31066c0..5bc0605 100644 --- a/vendor/genfs_contexts +++ b/vendor/genfs_contexts @@ -375,6 +375,7 @@ genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/error_count genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport/dp_hotplug_error_code u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_rate_hz u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/te2_option u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/19440000.drmdsim/19440000.drmdsim.0/frame_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/link_negotiation_failures u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/edid_read_failures u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/110f0000.drmdp/drm-displayport-stats/dpcd_read_failures u:object_r:sysfs_display:s0 @@ -388,7 +389,6 @@ genfscon sysfs /devices/platform/hdcp/hdcp1_success_count genfscon sysfs /devices/platform/hdcp/hdcp1_fail_count u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/hdcp/hdcp0_count u:object_r:sysfs_display:s0 - # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0