diff options
| author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-11-08 00:03:45 +0000 |
|---|---|---|
| committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-11-08 00:03:45 +0000 |
| commit | be552bc1f9789c7ce1d1c7d02a6376cf055521bc (patch) | |
| tree | 0dcb3da5f32a8ff81e1f516a45631bd8c446b5dd | |
| parent | 76c58826c5cbaf65c028a158221d5fcfb67ad197 (diff) | |
| parent | e22b188d9d7a7aa4f199bf89a95f8cc0663937c9 (diff) | |
| download | gs201-sepolicy-be552bc1f9789c7ce1d1c7d02a6376cf055521bc.tar.gz | |
Snap for 11065517 from e22b188d9d7a7aa4f199bf89a95f8cc0663937c9 to 24Q1-release
Change-Id: Ic7ce5376a8200d34a45f632f3cecada6b3215546
| -rw-r--r-- | whitechapel_pro/file.te | 3 | ||||
| -rw-r--r-- | whitechapel_pro/file_contexts | 3 | ||||
| -rw-r--r-- | whitechapel_pro/hal_sensors_default.te | 74 | ||||
| -rw-r--r-- | whitechapel_pro/te_macros | 14 |
4 files changed, 7 insertions, 87 deletions
diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index fb4bad8..b663013 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te @@ -7,8 +7,6 @@ type vendor_slog_file, file_type, data_file_type; type updated_wifi_firmware_data_file, file_type, data_file_type; type vendor_media_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; -type sensor_debug_data_file, file_type, data_file_type; -type sensor_reg_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; @@ -59,7 +57,6 @@ allow modem_img_file self:filesystem associate; type persist_battery_file, file_type, vendor_persist_type; type persist_camera_file, file_type, vendor_persist_type; type persist_modem_file, file_type, vendor_persist_type; -type persist_sensor_reg_file, file_type, vendor_persist_type; type persist_ss_file, file_type, vendor_persist_type; type persist_uwb_file, file_type, vendor_persist_type; type persist_display_file, file_type, vendor_persist_type; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index 75f8ccc..c7203b5 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts @@ -204,8 +204,6 @@ /data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 -/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0 -/data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 /dev/maxfg_history u:object_r:battery_history_device:s0 /dev/battery_history u:object_r:battery_history_device:s0 @@ -215,7 +213,6 @@ /mnt/vendor/persist/battery(/.*)? u:object_r:persist_battery_file:s0 /mnt/vendor/persist/camera(/.*)? u:object_r:persist_camera_file:s0 /mnt/vendor/persist/modem(/.*)? u:object_r:persist_modem_file:s0 -/mnt/vendor/persist/sensors/registry(/.*)? u:object_r:persist_sensor_reg_file:s0 /mnt/vendor/persist/ss(/.*)? u:object_r:persist_ss_file:s0 /mnt/vendor/persist/uwb(/.*)? u:object_r:persist_uwb_file:s0 /mnt/vendor/persist/display(/.*)? u:object_r:persist_display_file:s0 diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te index 076ceaf..620095d 100644 --- a/whitechapel_pro/hal_sensors_default.te +++ b/whitechapel_pro/hal_sensors_default.te @@ -2,15 +2,14 @@ # USF sensor HAL SELinux type enforcements. # -# Allow access to the AoC communication driver. -allow hal_sensors_default aoc_device:chr_file rw_file_perms; +# Allow reading of camera persist files. +r_dir_file(hal_sensors_default, persist_camera_file) -# Allow access to CHRE socket to connect to nanoapps. -allow hal_sensors_default chre:unix_stream_socket connectto; -allow hal_sensors_default chre_socket:sock_file write; +# Allow access to the files of CDT information. +r_dir_file(hal_sensors_default, sysfs_chosen) -# Allow create thread to watch AOC's device. -allow hal_sensors_default device:dir r_dir_perms; +# Allow display_info_service access to the backlight driver. +allow hal_sensors_default sysfs_write_leds:file rw_file_perms; # Allow access for dynamic sensor properties. get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) @@ -18,70 +17,11 @@ get_prop(hal_sensors_default, vendor_dynamic_sensor_prop) # Allow access to raw HID devices for dynamic sensors. allow hal_sensors_default hidraw_device:chr_file rw_file_perms; -# Allow SensorSuez to connect AIDL stats. -allow hal_sensors_default fwk_stats_service:service_manager find; - -# Allow reading of sensor registry persist files and camera persist files. -allow hal_sensors_default mnt_vendor_file:dir search; -allow hal_sensors_default persist_file:dir search; -allow hal_sensors_default persist_file:file r_file_perms; -allow hal_sensors_default persist_sensor_reg_file:dir r_dir_perms; -allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; -r_dir_file(hal_sensors_default, persist_camera_file) - -# Allow creation and writing of sensor registry data files. -allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; -allow hal_sensors_default sensor_reg_data_file:file create_file_perms; - -userdebug_or_eng(` - # Allow creation and writing of sensor debug data files. - allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms; - allow hal_sensors_default sensor_debug_data_file:file create_file_perms; -') - -# Allow access to the display info for ALS. -allow hal_sensors_default sysfs_display:file rw_file_perms; - -# Allow access to the sysfs_aoc. -allow hal_sensors_default sysfs_aoc:dir search; -allow hal_sensors_default sysfs_aoc:file r_file_perms; - -# Allow access for AoC properties. -get_prop(hal_sensors_default, vendor_aoc_prop) - -# Allow sensor HAL to read AoC dumpstate. -allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms; - -# Allow access to the AoC clock and kernel boot time sys FS node. This is needed -# to synchronize the AP and AoC clock timestamps. -allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms; - -# Allow access to the files of CDT information. -allow hal_sensors_default sysfs_chosen:dir search; -allow hal_sensors_default sysfs_chosen:file r_file_perms; - -# Allow access to sensor service for sensor_listener. -binder_call(hal_sensors_default, system_server); - -# Allow sensor HAL to reset AOC. -allow hal_sensors_default sysfs_aoc_reset:file rw_file_perms; - -# Allow sensor HAL to read AoC dumpstate. -allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms; - # Allow sensor HAL to access the display service HAL allow hal_sensors_default hal_pixel_display_service:service_manager find; -# Allow display_info_service access to the backlight driver. -allow hal_sensors_default sysfs_leds:dir search; -allow hal_sensors_default sysfs_leds:file r_file_perms; - # Allow sensor HAL to access the graphics composer. -binder_call(hal_sensors_default, hal_graphics_composer_default); - -# Allow display_info_service access to the backlight driver. -allow hal_sensors_default sysfs_write_leds:file rw_file_perms; +binder_call(hal_sensors_default, hal_graphics_composer_default) # Allow access to the power supply files for MagCC. -r_dir_file(hal_sensors_default, sysfs_batteryinfo) allow hal_sensors_default sysfs_wlc:dir r_dir_perms; diff --git a/whitechapel_pro/te_macros b/whitechapel_pro/te_macros deleted file mode 100644 index 01ac13c..0000000 --- a/whitechapel_pro/te_macros +++ /dev/null @@ -1,14 +0,0 @@ -# -# USF SELinux type enforcement macros. -# - -# -# usf_low_latency_transport(domain) -# -# Allows domain use of the USF low latency transport. -# -define(`usf_low_latency_transport', ` - allow $1 hal_graphics_mapper_hwservice:hwservice_manager find; - hal_client_domain($1, hal_graphics_allocator) -') - |