17152067e6
-----BEGIN PGP SIGNATURE----- iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ9i73wAKCRDorT+BmrEO eDQqAJwOfnHwIxPnJDkuy1MpIWivJQV1GgCfe/G3XeQ0POPhttv8TZHn/Ff0sqo= =2IgK -----END PGP SIGNATURE----- gpgsig -----BEGIN SSH SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgPpdpjxPACTIhnlvYz0GM4BR7FJ +rYv3jMbfxNKD3JvcAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5 AAAAQLpPxk4tGVse7ZnGf5txBVHXgfM/xdZT4gf36LUHNjGKTNBXIMsKbcHedH2YOAVGLp 55mHQgTaS2qFR2ZsKcpgo= -----END SSH SIGNATURE----- Merge tag 'aml_tz6_351400020' into staging/lineage-23.0_merge-aml_tz6_351400020 aml_tz6_351400020 (13155446,com.google.android.go.tzdata6,com.google.android.tzdata6) # -----BEGIN PGP SIGNATURE----- # # iF0EABECAB0WIQRDQNE1cO+UXoOBCWTorT+BmrEOeAUCZ9i73wAKCRDorT+BmrEO # eDQqAJwOfnHwIxPnJDkuy1MpIWivJQV1GgCfe/G3XeQ0POPhttv8TZHn/Ff0sqo= # =2IgK # -----END PGP SIGNATURE----- # gpg: Signature made Tue Mar 18 02:18:39 2025 EET # gpg: using DSA key 4340D13570EF945E83810964E8AD3F819AB10E78 # gpg: Good signature from "The Android Open Source Project <initial-contribution@android.com>" [ultimate] # By Nina Chen (5) and others # Via Android Build Coastguard Worker (9) and others * tag 'aml_tz6_351400020': Update SELinux error Add IFingerprintDebug service context and Overlay permissions Revert "Add IFingerprintDebug service context and Overlay permissions." Add IFingerprintDebug service context and Overlay permissions. Consolidate SELinux for faceauth_rawimage RamdumpService: Fix the SELinux errors from introducing Firebase Analytics. Update SELinux error zumapro: update selinux to allow UMI on user build Remove sced sepolicy rule display: mark dual display related nodes as sysfs_display Update SELinux error Update SELinux error. Update SELinux error gps: Remove GNSS SELinux error bug from bug_map remove b/378004800 and b/318310869 from bugmap Revert "Remove hal_camera_default aconfig_storage_metadata_file ..." display/hwc: Add write access to persist display file. Remove hal_camera_default aconfig_storage_metadata_file from bug map Update SELinux error Add udc sysfs to udc_sysfs fs context Change-Id: I8d6fe8bb8bbeda4b8f5f8be48a01199d2648f90d
52 lines
1.8 KiB
Text
52 lines
1.8 KiB
Text
# Selinux rule for modem_svc_sit daemon
|
|
type modem_svc_sit, domain;
|
|
type modem_svc_sit_exec, vendor_file_type, exec_type, file_type;
|
|
init_daemon_domain(modem_svc_sit)
|
|
|
|
hwbinder_use(modem_svc_sit)
|
|
binder_call(modem_svc_sit, rild)
|
|
|
|
# Grant sysfs_modem access
|
|
allow modem_svc_sit sysfs_modem:file rw_file_perms;
|
|
|
|
# Grant radio device access
|
|
allow modem_svc_sit radio_device:chr_file rw_file_perms;
|
|
|
|
# Grant vendor radio and modem file/dir creation permission
|
|
allow modem_svc_sit radio_vendor_data_file:dir create_dir_perms;
|
|
allow modem_svc_sit radio_vendor_data_file:file create_file_perms;
|
|
allow modem_svc_sit modem_stat_data_file:dir create_dir_perms;
|
|
allow modem_svc_sit modem_stat_data_file:file create_file_perms;
|
|
|
|
allow modem_svc_sit vendor_fw_file:dir search;
|
|
allow modem_svc_sit vendor_fw_file:file r_file_perms;
|
|
|
|
allow modem_svc_sit mnt_vendor_file:dir r_dir_perms;
|
|
allow modem_svc_sit modem_userdata_file:dir create_dir_perms;
|
|
allow modem_svc_sit modem_userdata_file:file create_file_perms;
|
|
|
|
# RIL property
|
|
get_prop(modem_svc_sit, vendor_rild_prop)
|
|
|
|
# Modem property
|
|
set_prop(modem_svc_sit, vendor_modem_prop)
|
|
|
|
# logging property
|
|
get_prop(modem_svc_sit, vendor_logger_prop)
|
|
|
|
# hwservice permission
|
|
allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find;
|
|
get_prop(modem_svc_sit, hwservicemanager_prop)
|
|
|
|
# Write trace data to the Perfetto traced daemon. This requires connecting to
|
|
# its producer socket and obtaining a (per-process) tmpfs fd.
|
|
perfetto_producer(modem_svc_sit)
|
|
|
|
# Allow modem_svc_sit to access modem image file/dir
|
|
allow modem_svc_sit modem_img_file:dir r_dir_perms;
|
|
allow modem_svc_sit modem_img_file:file r_file_perms;
|
|
allow modem_svc_sit modem_img_file:lnk_file r_file_perms;
|
|
|
|
# Allow modem_svc_sit to access socket for UMI
|
|
allow modem_svc_sit radio_vendor_data_file:sock_file { create write unlink };
|
|
|