author | android-build-team Robot <android-build-team-robot@google.com> | 2021-03-15 18:25:34 +0000 |
---|---|---|
committer | android-build-team Robot <android-build-team-robot@google.com> | 2021-03-15 18:25:34 +0000 |
commit | b2e8b99bce85cd469a1baaf1a2db0837873fd81f (patch) | |
tree | e10d6611bcb9cae16043f38243233ba01aeeb419 | |
parent | e8f60b2da5fab9ae3a8e6f3860bdccc5c9f3b175 (diff) | |
parent | a15fb3d868ef2dd97ee756ea549bfa9efeb0b3f5 (diff) | |
Snap for 7192656 from a15fb3d868ef2dd97ee756ea549bfa9efeb0b3f5 to rvc-platform-release
android-platform-11.0.0_r40 android-platform-11.0.0_r39 android-platform-11.0.0_r38 android-platform-11.0.0_r37 android-platform-11.0.0_r36 android-platform-11.0.0_r35 android-platform-11.0.0_r34 android-platform-11.0.0_r33 android-platform-11.0.0_r32 android-platform-11.0.0_r31 android-platform-11.0.0_r30 android-platform-11.0.0_r29 android-platform-11.0.0_r28 android-platform-11.0.0_r27 android-platform-11.0.0_r26 android-platform-11.0.0_r25 android-platform-11.0.0_r24 android-platform-11.0.0_r23 android-platform-11.0.0_r22 android-platform-11.0.0_r21 android-platform-11.0.0_r20 android-platform-11.0.0_r19 android-platform-11.0.0_r18 android-platform-11.0.0_r17 android-platform-11.0.0_r16 android-platform-11.0.0_r15 android-platform-11.0.0_r14 android11-platform-release
Change-Id: I0c6b6335ac88bd7f7311a21bbc8943531819328e
-rw-r--r-- | coral-sepolicy.mk | 1 | ||||
-rw-r--r-- | vendor/google/bug_map | 3 | ||||
-rw-r--r-- | vendor/google/file.te | 3 | ||||
-rw-r--r-- | vendor/google/file_contexts | 3 | ||||
-rw-r--r-- | vendor/google/genfs_contexts | 15 | ||||
-rw-r--r-- | vendor/google/hal_dumpstate_impl.te | 2 | ||||
-rw-r--r-- | vendor/google/hal_secure_element_default.te | 6 | ||||
-rw-r--r-- | vendor/google/logger_app.te | 1 | ||||
-rw-r--r-- | vendor/google/nfc.te | 1 | ||||
-rw-r--r-- | vendor/google/property.te | 3 | ||||
-rw-r--r-- | vendor/google/property_contexts | 3 | ||||
-rw-r--r-- | vendor/qcom/common/file.te | 3 | ||||
-rw-r--r-- | vendor/qcom/common/file_contexts | 4 | ||||
-rw-r--r-- | vendor/qcom/common/hal_drm_widevine.te | 2 | ||||
-rw-r--r-- | vendor/qcom/common/hal_neuralnetworks.te | 3 | ||||
-rw-r--r-- | vendor/qcom/common/hal_nfc_default.te | 3 | ||||
-rw-r--r-- | vendor/st/file_contexts | 15 | ||||
-rw-r--r-- | vendor/st/hal_nfc_default.te | 9 | ||||
-rw-r--r-- | vendor/st/hal_secure_element_default.te | 5 | ||||
-rw-r--r-- | vendor/st/property.te | 2 | ||||
-rw-r--r-- | vendor/st/property_contexts | 6 | ||||
-rw-r--r-- | vendor/st/vendor_init.te | 2 |
22 files changed, 67 insertions, 28 deletions
diff --git a/coral-sepolicy.mk b/coral-sepolicy.mk index b4da01c..4de3284 100644 --- a/coral-sepolicy.mk +++ b/coral-sepolicy.mk @@ -7,4 +7,5 @@ BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/common BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/qcom/sm8150 BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/knowles/common BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/tracking_denials +BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/st BOARD_SEPOLICY_DIRS += device/google/coral-sepolicy/vendor/verizon diff --git a/vendor/google/bug_map b/vendor/google/bug_map index 4e2cd76..10bea10 100644 --- a/vendor/google/bug_map +++ b/vendor/google/bug_map @@ -1 +1,4 @@ hal_health_default unlabeled file b/156200409 +shell debugfs file b/175106535 +shell device_config_runtime_native_boot_prop file b/175106535 +shell sysfs file b/175106535 diff --git a/vendor/google/file.te b/vendor/google/file.te index cfb5ef6..1faf285 100644 --- a/vendor/google/file.te +++ b/vendor/google/file.te @@ -49,9 +49,6 @@ type mediadrm_vendor_data_file, file_type, data_file_type; #diag cmd socket type diag_socket, file_type, mlstrustedobject; -#eSE file -type ese_vendor_data_file, file_type, data_file_type; - # Dumpstats dmabuf info type debugfs_dma_buf, debugfs_type, fs_type; diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index 4fd4689..8c110f6 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -12,7 +12,6 @@ /dev/maxfg_history u:object_r:maxfg_device:s0 /dev/vd6281 u:object_r:rls_device:s0 /dev/sensor_tunnel u:object_r:rls_device:s0 -/dev/st54j_se u:object_r:secure_element_device:s0 /dev/subsys_faceauth u:object_r:faceauth_device:s0 /dev/subsys_faceauth_b u:object_r:faceauth_device:s0 /dev/touch_offload u:object_r:touch_offload_device:s0 
@@ -37,7 +36,6 @@ /vendor/bin/hw/android\.hardware\.neuralnetworks@1\.2-service-noronha u:object_r:hal_neuralnetworks_darwinn_exec:s0 /vendor/bin/hw/android\.hardware\.power\.stats@1\.0-service\.pixel u:object_r:hal_power_stats_default_exec:s0 /vendor/bin/hw/android\.hardware\.rebootescrow-service\.citadel u:object_r:hal_rebootescrow_citadel_exec:s0 -/vendor/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0 /vendor/bin/hw/android\.hardware\.usb@1\.2-service\.coral u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0 /vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0 @@ -114,7 +112,6 @@ /data/vendor/modem_dump(/.*)? u:object_r:modem_dump_file:s0 /data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 /data/vendor_ce/[0-9]+/ramoops(/.*)? u:object_r:ramoops_vendor_data_file:s0 -/data/vendor/ese(/.*)? u:object_r:ese_vendor_data_file:s0 /data/vendor/hal_neuralnetworks_darwinn/hal_camera(/.*)? u:object_r:hal_neuralnetworks_darwinn_hal_camera_data_file:s0 /data/vendor/camera_calibration(/.*)? u:object_r:camera_calibration_vendor_data_file:s0 /data/vendor/face(/.*)? u:object_r:face_vendor_data_file:s0 diff --git a/vendor/google/genfs_contexts b/vendor/google/genfs_contexts index aad6cc7..d302d71 100644 --- a/vendor/google/genfs_contexts +++ b/vendor/google/genfs_contexts 
@@ -114,6 +114,18 @@ genfscon debugfs /google_charger genfscon debugfs /google_battery u:object_r:debugfs_batteryinfo:s0 genfscon sysfs /devices/platform/soc/soc:google,charger/charge_start_level u:object_r:sysfs_chargelevel:s0 genfscon sysfs /devices/platform/soc/soc:google,charger/charge_stop_level u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_drainto_soc u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_recharge_soc u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_recharge_voltage u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_abs_temp u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_soc u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_temp u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_resume_time u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_temp u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_time u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_trigger_voltage u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_enable u:object_r:sysfs_chargelevel:s0 +genfscon sysfs /devices/platform/soc/soc:google,charger/bd_temp_dry_run u:object_r:sysfs_chargelevel:s0 # Pixelstats genfscon sysfs /devices/virtual/misc/msm_cirrus_playback/resistance_left_right u:object_r:sysfs_pixelstats:s0 
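Review bot: Labelling the twelve new `bd_*` charger nodes in vendor/google/genfs_contexts as `sysfs_chargelevel` gives them the same access set as `charge_start_level` and `charge_stop_level`, so every domain that may write that type can now also change the `bd_trigger_*` and `bd_resume_*` thresholds and `bd_temp_enable`. The allow rules for `sysfs_chargelevel` are mostly outside this diff (only the new read grant to `hal_dumpstate_impl` is visible), so confirm that the existing writer set is the one intended for these controls; if it is wider, a dedicated type for the `bd_*` nodes keeps the grant narrow. A grouping comment above the block, such as `# charger bd_* threshold nodes, share the charge-level type`, would record that the reuse is deliberate.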
@@ -122,6 +134,9 @@ genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi4/spi4.0/iaxxx-dev genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi4/spi4.0/iaxxx-dev/iaxxx_misc/wdsp_stat u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi5/spi5.0/iaxxx-dev/iaxxx_misc/codec_state u:object_r:sysfs_pixelstats:s0 genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi5/spi5.0/iaxxx-dev/iaxxx_misc/wdsp_stat u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd0/typec/port0/port0-partner/identity/id_header u:object_r:sysfs_pixelstats:s0 +genfscon sysfs /devices/platform/soc/c440000.qcom,spmi/spmi-0/spmi0-02/c440000.qcom,spmi:qcom,pm8150b@2:qcom,usb-pdphy@1700/usbpd0/typec/port0/port0-partner/identity/product u:object_r:sysfs_pixelstats:s0 + # Audio Dsp for HardwareInfo genfscon sysfs /devices/platform/soc/a8c000.spi/spi_master/spi4/spi4.0/iaxxx-dev/iaxxx_misc/hwinfo_part_number u:object_r:sysfs_audio:s0 diff --git a/vendor/google/hal_dumpstate_impl.te b/vendor/google/hal_dumpstate_impl.te index 5a5bb09..ae79018 100644 --- a/vendor/google/hal_dumpstate_impl.te +++ b/vendor/google/hal_dumpstate_impl.te @@ -52,6 +52,8 @@ allow hal_dumpstate_impl debugfs_dma_buf:file r_file_perms; # Battery/Charger/Guage allow hal_dumpstate_impl debugfs_batteryinfo:file r_file_perms; +allow hal_dumpstate_impl sysfs_chargelevel:file r_file_perms; +allow hal_dumpstate_impl sysfs_batteryinfo:file r_file_perms; # Dump PMIC data allow hal_dumpstate_impl debugfs_pmic:dir r_dir_perms; diff --git a/vendor/google/hal_secure_element_default.te b/vendor/google/hal_secure_element_default.te deleted file mode 100644 index 94b811d..0000000 --- a/vendor/google/hal_secure_element_default.te +++ /dev/null 
@@ -1,6 +0,0 @@ -allow hal_secure_element_default secure_element_device:chr_file rw_file_perms; -allow hal_secure_element_default ese_vendor_data_file:dir create_dir_perms; -allow hal_secure_element_default ese_vendor_data_file:file create_file_perms; -allow hal_secure_element_default debugfs_ipc:dir search; -set_prop(hal_secure_element_default, vendor_secure_element_prop) -get_prop(hal_secure_element_default, vendor_modem_prop) diff --git a/vendor/google/logger_app.te b/vendor/google/logger_app.te index 92a9e37..df9741a 100644 --- a/vendor/google/logger_app.te +++ b/vendor/google/logger_app.te @@ -20,4 +20,5 @@ userdebug_or_eng(` set_prop(logger_app, vendor_modem_diag_prop) set_prop(logger_app, vendor_tcpdump_log_prop) set_prop(logger_app, vendor_wifi_sniffer_prop) + set_prop(logger_app, vendor_usb_prop) ') diff --git a/vendor/google/nfc.te b/vendor/google/nfc.te deleted file mode 100644 index 90efccc..0000000 --- a/vendor/google/nfc.te +++ /dev/null @@ -1 +0,0 @@ -set_prop(hal_nfc_default, vendor_modem_prop) diff --git a/vendor/google/property.te b/vendor/google/property.te index b8ed500..5584d78 100644 --- a/vendor/google/property.te +++ b/vendor/google/property.te @@ -26,8 +26,5 @@ type ecoservice_prop, property_type; type vendor_shutdown_prop, property_type; type vendor_battery_defender_prop, property_type; -# SecureElement property -type vendor_secure_element_prop, property_type; - # wifi_sniffer type vendor_wifi_sniffer_prop, property_type; diff --git a/vendor/google/property_contexts b/vendor/google/property_contexts index 262866e..3acdede 100644 --- a/vendor/google/property_contexts +++ b/vendor/google/property_contexts 
@@ -67,9 +67,6 @@ persist.vendor.mdm. u:object_r:vendor_modem_prop:s0 # ramoops vendor.ramoops. u:object_r:vendor_ramoops_prop:s0 -# SecureElement -persist.vendor.se. u:object_r:vendor_secure_element_prop:s0 - # wifi_sniffer persist.vendor.wifi.sniffer.freq u:object_r:vendor_wifi_sniffer_prop:s0 persist.vendor.wifi.sniffer.bandwidth u:object_r:vendor_wifi_sniffer_prop:s0 diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te index 0284a07..6f0a04c 100644 --- a/vendor/qcom/common/file.te +++ b/vendor/qcom/common/file.te @@ -197,9 +197,6 @@ type persist_alarm_file, file_type, vendor_persist_type; type persist_time_file, file_type, vendor_persist_type; -# nfc file type for data vendor access -type nfc_vendor_data_file, file_type, data_file_type; - # kgsl file type for sysfs access type sysfs_kgsl, sysfs_type, fs_type; type sysfs_kgsl_proc, sysfs_type, fs_type; diff --git a/vendor/qcom/common/file_contexts b/vendor/qcom/common/file_contexts index f329e37..591b6ba 100644 --- a/vendor/qcom/common/file_contexts +++ b/vendor/qcom/common/file_contexts @@ -93,7 +93,6 @@ /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-service-qti u:object_r:hal_keymaster_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.keymaster@4\.0-strongbox-service-qti u:object_r:hal_keymaster_qti_exec:s0 /(vendor|system/vendor)/bin/hw/android\.hardware\.gatekeeper@1\.0-service-qti u:object_r:hal_gatekeeper_qti_exec:s0 -/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 /(vendor|system/vendor)/bin/imsrcsd u:object_r:hal_rcsservice_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0 /vendor/bin/hw/vendor\.qti\.hardware\.qseecom@1\.0-service u:object_r:hal_qseecom_default_exec:s0 
@@ -238,8 +237,6 @@ # /vendor/bt_firmware(/.*)? u:object_r:bt_firmware_file:s0 -/dev/st21nfc u:object_r:nfc_device:s0 -/data/nfc(/.*)? u:object_r:nfc_data_file:s0 #Android NN Driver /(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.3-service-qti u:object_r:hal_neuralnetworks_default_exec:s0 @@ -275,6 +272,7 @@ /dev/msm_.* u:object_r:audio_device:s0 /dev/ramdump_.* u:object_r:ramdump_device:s0 /dev/at_.* u:object_r:at_device:s0 +/dev/qce u:object_r:qce_device:s0 # dev socket nodes /dev/socket/ipacm_log_file u:object_r:ipacm_socket:s0 diff --git a/vendor/qcom/common/hal_drm_widevine.te b/vendor/qcom/common/hal_drm_widevine.te index 0b3e295..2f8fbdd 100644 --- a/vendor/qcom/common/hal_drm_widevine.te +++ b/vendor/qcom/common/hal_drm_widevine.te @@ -11,3 +11,5 @@ allow hal_drm_widevine hal_display_config_hwservice:hwservice_manager find; binder_call(hal_drm_widevine, hal_graphics_composer_default) allow hal_drm_widevine { appdomain -isolated_app }:fd use; + +allow hal_drm_widevine qce_device:chr_file rw_file_perms; diff --git a/vendor/qcom/common/hal_neuralnetworks.te b/vendor/qcom/common/hal_neuralnetworks.te index 5fc3015..2a4e676 100644 --- a/vendor/qcom/common/hal_neuralnetworks.te +++ b/vendor/qcom/common/hal_neuralnetworks.te @@ -15,3 +15,6 @@ allow hal_neuralnetworks_default gpu_device:chr_file rw_file_perms; r_dir_file(hal_neuralnetworks_default, sysfs_soc) r_dir_file(hal_neuralnetworks_default, adsprpcd_file) + +# b/159570217 suppress warning related to zeroth.debuglog.logmask +dontaudit hal_neuralnetworks_default default_prop:file { open read }; diff --git a/vendor/qcom/common/hal_nfc_default.te b/vendor/qcom/common/hal_nfc_default.te deleted file mode 100644 index 3044f1d..0000000 --- a/vendor/qcom/common/hal_nfc_default.te +++ /dev/null @@ -1,3 +0,0 @@ -# Data file accesses. -allow hal_nfc_default nfc_vendor_data_file:dir create_dir_perms; -allow hal_nfc_default nfc_vendor_data_file:file create_file_perms; 
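Review bot: The added `allow hal_drm_widevine qce_device:chr_file rw_file_perms;` in vendor/qcom/common/hal_drm_widevine.te carries no comment or bug reference, although it grants read, write and ioctl on the node this commit labels as `/dev/qce` in vendor/qcom/common/file_contexts. Put the reason above the rule, for example `# Widevine needs /dev/qce (b/<bug-id>)`. The declaration of `qce_device` is not part of this diff, so it is presumably defined elsewhere; check which other domains already hold rules on that type, because labelling the node makes those rules apply to `/dev/qce` as well.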
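Review bot: The `dontaudit hal_neuralnetworks_default default_prop:file { open read };` added to vendor/qcom/common/hal_neuralnetworks.te silences every `default_prop` read by this domain, not only the `zeroth.debuglog.logmask` lookup that the comment names. Later denials caused by other unlabelled properties would then never reach the audit log for this HAL. A narrower fix is to give the property its own vendor type in property_contexts and grant `get_prop` on it. If the suppression stays, extend the comment to say it is temporary, e.g. `# b/159570217: zeroth.debuglog.logmask falls back to default_prop; remove once it has a vendor type`.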
diff --git a/vendor/st/file_contexts b/vendor/st/file_contexts
new file mode 100644
index 0000000..eddf11d
--- /dev/null
+++ b/vendor/st/file_contexts
@@ -0,0 +1,15 @@
+###################################
+# vendor binaries
+/(vendor|system/vendor)/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.0-service\.st u:object_r:hal_secure_element_default_exec:s0
+
+
+###################################
+# dev nodes
+/dev/st54j_se u:object_r:secure_element_device:s0
+/dev/st21nfc u:object_r:nfc_device:s0
+
+###################################
+# data files
+/data/nfc(/.*)? u:object_r:nfc_data_file:s0
+
diff --git a/vendor/st/hal_nfc_default.te b/vendor/st/hal_nfc_default.te
new file mode 100644
index 0000000..5f0c7f6
--- /dev/null
+++ b/vendor/st/hal_nfc_default.te
@@ -0,0 +1,9 @@
+# NFC property
+get_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
+# Modem property
+set_prop(hal_nfc_default, vendor_modem_prop)
+
diff --git a/vendor/st/hal_secure_element_default.te b/vendor/st/hal_secure_element_default.te
new file mode 100644
index 0000000..1c127ea
--- /dev/null
+++ b/vendor/st/hal_secure_element_default.te
@@ -0,0 +1,5 @@
+allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
+dontaudit hal_secure_element_default debugfs_ipc:dir search;
+set_prop(hal_secure_element_default, vendor_secure_element_prop)
+get_prop(hal_secure_element_default, vendor_modem_prop)
+
diff --git a/vendor/st/property.te b/vendor/st/property.te
new file mode 100644
index 0000000..723121a
--- /dev/null
+++ b/vendor/st/property.te
@@ -0,0 +1,2 @@
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_secure_element_prop)
diff --git a/vendor/st/property_contexts b/vendor/st/property_contexts
new file mode 100644
index 0000000..c6cd8a4
--- /dev/null
+++ b/vendor/st/property_contexts
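Review bot: vendor/st/hal_nfc_default.te gives the NFC HAL write access to two property types, `set_prop(hal_nfc_default, vendor_secure_element_prop)` and `set_prop(hal_nfc_default, vendor_modem_prop)`, while its comments only name the properties and do not say why writing is needed. The secure-element grant is new in this commit (the removed vendor/google/nfc.te held only the modem one). Both types cover persistent prefixes, `persist.vendor.se.` and `persist.vendor.mdm.` in the property_contexts files, so a value written by the NFC HAL survives reboot and can be read by the secure-element HAL. If the HAL only reads either property, use `get_prop(...)` for it; otherwise state in the comment which property is set and for what purpose.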
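Review bot: The new vendor/st/hal_secure_element_default.te drops the `ese_vendor_data_file` dir and file rules, and the same commit removes that type and the `/data/vendor/ese` label, which may leave content on already-provisioned devices with a context the policy no longer defines. Whether such a directory exists on shipped builds is not visible here; if it does, confirm nothing still needs it, or remove it on upgrade so it does not surface as `unlabeled`. Separately, the `dontaudit hal_secure_element_default debugfs_ipc:dir search;` line that replaces the former allow would benefit from a one-line comment, e.g. `# debugfs_ipc lookup is not required; suppress the denial`.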
@@ -0,0 +1,6 @@
+# SecureElement
+persist.vendor.se. u:object_r:vendor_secure_element_prop:s0
+
+# NFC
+persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0
+
diff --git a/vendor/st/vendor_init.te b/vendor/st/vendor_init.te
new file mode 100644
index 0000000..7de90e2
--- /dev/null
+++ b/vendor/st/vendor_init.te
@@ -0,0 +1,2 @@
+# NFC vendor property
+set_prop(vendor_init, vendor_nfc_prop) |