author | Xin Li <delphij@google.com> | 2022-08-15 22:01:55 -0700 |
---|---|---|
committer | Xin Li <delphij@google.com> | 2022-08-15 22:01:55 -0700 |
commit | 97be0b0dbb02cfc93ef408b165c6341b511b2b94 (patch) | |
tree | 8bc8de220e7e6f934943eac78914ed0a44965e17 | |
parent | 992bb9bf1d53c151c2c0f39914caf3f052b3197b (diff) | |
parent | c7a10a69a22e696318856536aeb7e90668c723d2 (diff) | |
DO NOT MERGE - Merge Android 13android-platform-13.0.0_r1android13-platform-release
Bug: 242648940
Merged-In: I52312453e3ff079293cc55ecb2ec9d0b2bc8addd
Change-Id: Ia581f8e710abb4614671130358e3afe065bf418e
-rw-r--r-- | sunfish-sepolicy.mk | 1 | ||||
-rw-r--r-- | vendor/google/bug_map | 3 | ||||
-rw-r--r-- | vendor/google/file_contexts | 1 | ||||
-rw-r--r-- | vendor/google/pixelstats_vendor.te | 6 | ||||
-rw-r--r-- | vendor/qcom/common/cameraserver.te | 2 | ||||
-rw-r--r-- | vendor/qcom/common/file.te | 1 | ||||
-rw-r--r-- | vendor/qcom/common/genfs_contexts | 3 | ||||
-rw-r--r-- | vendor/qcom/common/mediacodec.te | 2 | ||||
-rw-r--r-- | vendor/qcom/common/seapp_contexts | 2 | ||||
-rw-r--r-- | vendor/qcom/common/service.te | 2 | ||||
-rw-r--r-- | vendor/qcom/common/service_contexts | 2 | ||||
-rw-r--r-- | vendor/qcom/common/shell.te | 3 |
12 files changed, 19 insertions, 9 deletions
diff --git a/sunfish-sepolicy.mk b/sunfish-sepolicy.mk index d408696..de0abea 100644 --- a/sunfish-sepolicy.mk +++ b/sunfish-sepolicy.mk @@ -13,5 +13,4 @@ BOARD_SEPOLICY_DIRS += device/google/sunfish-sepolicy/vendor/verizon SYSTEM_EXT_PRIVATE_SEPOLICY_DIRS += device/google/sunfish-sepolicy/system_ext/private # Pixel-wide sepolicy -BOARD_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/wifi_sniffer BOARD_VENDOR_SEPOLICY_DIRS += hardware/google/pixel-sepolicy/powerstats diff --git a/vendor/google/bug_map b/vendor/google/bug_map index ed89df6..acb3f80 100644 --- a/vendor/google/bug_map +++ b/vendor/google/bug_map @@ -10,3 +10,6 @@ shell debugfs file b/175106535 shell device_config_runtime_native_boot_prop file b/175106535 shell sysfs file b/175106535 tee tee capability2 b/156045688 +mediaswcodec gpu_device chr_file b/194313013 +mediaswcodec sysfs_msm_subsys dir b/194313013 +mediaserver sysfs_msm_subsys dir b/194313013 diff --git a/vendor/google/file_contexts b/vendor/google/file_contexts index 3618f57..0030286 100644 --- a/vendor/google/file_contexts +++ b/vendor/google/file_contexts @@ -12,7 +12,6 @@ # system binaries /system/bin/hw/hardware\.google\.pixelstats@1\.0-service u:object_r:pixelstats_system_exec:s0 /vendor/bin/easelmanagerd u:object_r:easel_exec:s0 -/vendor/bin/pixelstats-vendor u:object_r:pixelstats_vendor_exec:s0 /dev/battery_history u:object_r:battery_history_device:s0 # vendor binaries diff --git a/vendor/google/pixelstats_vendor.te b/vendor/google/pixelstats_vendor.te index 24f3170..3015d3f 100644 --- a/vendor/google/pixelstats_vendor.te +++ b/vendor/google/pixelstats_vendor.te @@ -1,9 +1,3 @@ -# pixelstats vendor -type pixelstats_vendor, domain; - -type pixelstats_vendor_exec, exec_type, vendor_file_type, file_type; -init_daemon_domain(pixelstats_vendor) - unix_socket_connect(pixelstats_vendor, chre, chre) get_prop(pixelstats_vendor, hwservicemanager_prop) 
diff --git a/vendor/qcom/common/cameraserver.te b/vendor/qcom/common/cameraserver.te index 92aacf7..dfd4524 100644 --- a/vendor/qcom/common/cameraserver.te +++ b/vendor/qcom/common/cameraserver.te @@ -6,3 +6,5 @@ get_prop(cameraserver, vendor_display_prop) # are not essential, and access denial to it won't break any gralloc mapper # functionality. dontaudit cameraserver gpu_device:chr_file rw_file_perms; + +dontaudit cameraserver sysfs_msm_subsys:dir search; diff --git a/vendor/qcom/common/file.te b/vendor/qcom/common/file.te index 23073eb..8a72cea 100644 --- a/vendor/qcom/common/file.te +++ b/vendor/qcom/common/file.te @@ -106,6 +106,7 @@ type nfc_vendor_data_file, file_type, data_file_type; type sysfs_kgsl, sysfs_type, fs_type; type sysfs_kgsl_proc, sysfs_type, fs_type; type sysfs_kgsl_snapshot, sysfs_type, fs_type; +type sysfs_kgsl_shell, sysfs_type, fs_type; type sysfs_securetouch, fs_type, sysfs_type; type sysfs_data, fs_type, sysfs_type; type sysfs_diag, fs_type, sysfs_type; diff --git a/vendor/qcom/common/genfs_contexts b/vendor/qcom/common/genfs_contexts index 8afbb14..6ea25b6 100644 --- a/vendor/qcom/common/genfs_contexts +++ b/vendor/qcom/common/genfs_contexts @@ -6,6 +6,7 @@ genfscon sysfs /class/uio genfscon sysfs /devices/virtual/kgsl/kgsl/proc u:object_r:sysfs_kgsl_proc:s0 genfscon sysfs /devices/platform/soc/0.qcom,rmtfs_sharedmem u:object_r:sysfs_rmtfs:s0 genfscon sysfs /devices/platform/soc/soc:qcom,kgsl-hyp u:object_r:sysfs_msm_subsys:s0 +genfscon sysfs /devices/platform/soc/5000000.qcom,kgsl-3d0/kgsl/kgsl-3d0/perfcounter u:object_r:sysfs_kgsl_shell:s0 genfscon sysfs /devices/platform/soc/soc:qcom,spss_utils u:object_r:sysfs_spss:s0 genfscon sysfs /bus/esoc u:object_r:sysfs_esoc:s0 genfscon sysfs /bus/msm_subsys u:object_r:sysfs_msm_subsys:s0 
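Review bot: In vendor/qcom/common/cameraserver.te the added `dontaudit cameraserver sysfs_msm_subsys:dir search;` carries no comment, unlike the gpu_device rule directly above it, which explains why that denial is harmless. A dontaudit removes the denial from the audit log, so anyone later triaging policy or investigating cameraserver behaviour will not see these accesses; the reason it is safe to hide should be recorded next to the rule, for example `# <component> probes sysfs_msm_subsys; access is not required (b/<bug-id>)` with the real component and bug filled in. The same uncommented rule is added for mediacodec in vendor/qcom/common/mediacodec.te, while the bug_map hunk tracks what looks like the same denial for mediaswcodec and mediaserver under b/194313013 rather than suppressing it, so it would be worth treating all four domains consistently.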
@@ -26,3 +27,5 @@ genfscon sysfs /devices/platform/soc/soc:qcom,ipa_fws@1e08000 genfscon sysfs /devices/virtual/xt_hardidletimer/timers u:object_r:sysfs_data:s0 genfscon sysfs /devices/virtual/xt_idletimer/timers u:object_r:sysfs_data:s0 genfscon sysfs /module/subsystem_restart/parameters/enable_ramdumps u:object_r:sysfs_ssr:s0 +genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/virtual/fastrpc/adsprpc-smd-secure/wakeup u:object_r:sysfs_wakeup:s0 diff --git a/vendor/qcom/common/mediacodec.te b/vendor/qcom/common/mediacodec.te index 5ef6b8f..bec15f6 100644 --- a/vendor/qcom/common/mediacodec.te +++ b/vendor/qcom/common/mediacodec.te @@ -3,3 +3,5 @@ get_prop(mediacodec, ecoservice_prop) allow mediacodec hal_camera_default:binder call; get_prop(mediacodec, vendor_display_prop) + +dontaudit mediacodec sysfs_msm_subsys:dir search; diff --git a/vendor/qcom/common/seapp_contexts b/vendor/qcom/common/seapp_contexts index 6b2ff84..fbf0b3a 100644 --- a/vendor/qcom/common/seapp_contexts +++ b/vendor/qcom/common/seapp_contexts @@ -33,3 +33,5 @@ user=_app seinfo=platform name=com.qualcomm.qti.devicestatisticsservice domain=q # QtiTelephonyService app user=_app seinfo=platform name=com.qualcomm.qti.telephonyservice domain=qtelephony type=app_data_file levelFrom=all +#Add ExtTelephonyService to vendor_qtelephony +user=_app seinfo=platform name=com.qti.phone domain=qtelephony type=app_data_file levelFrom=all diff --git a/vendor/qcom/common/service.te b/vendor/qcom/common/service.te index 84fac64..1854107 100644 --- a/vendor/qcom/common/service.te +++ b/vendor/qcom/common/service.te 
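Review bot: The comment added in vendor/qcom/common/seapp_contexts says the app is added to `vendor_qtelephony`, but the rule below it assigns `domain=qtelephony`, and no `vendor_qtelephony` name appears in the visible lines. Because this entry places a platform-signed package named com.qti.phone into the telephony domain, the comment should name the domain the app actually receives, e.g. `# ExtTelephonyService app (com.qti.phone), runs in qtelephony`, which also matches the `# QtiTelephonyService app` style of the entry above.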
@@ -4,4 +4,4 @@ type imsrcs_service, service_manager_type; type improve_touch_service, service_manager_type; type gba_auth_service, service_manager_type; type qtitetherservice_service, service_manager_type; -type hal_telephony_service, service_manager_type, hal_service_type; +type hal_telephony_service, service_manager_type, hal_service_type, protected_service; diff --git a/vendor/qcom/common/service_contexts b/vendor/qcom/common/service_contexts index 405f768..c11263b 100644 --- a/vendor/qcom/common/service_contexts +++ b/vendor/qcom/common/service_contexts @@ -1 +1,3 @@ vendor.qti.hardware.radio.ims.IImsRadio/default u:object_r:hal_telephony_service:s0 +vendor.qti.hardware.radio.ims.IImsRadio/imsradio0 u:object_r:hal_telephony_service:s0 +vendor.qti.hardware.radio.ims.IImsRadio/imsradio1 u:object_r:hal_telephony_service:s0 diff --git a/vendor/qcom/common/shell.te b/vendor/qcom/common/shell.te new file mode 100644 index 0000000..cd0e4a4 --- /dev/null +++ b/vendor/qcom/common/shell.te @@ -0,0 +1,3 @@ +# allow shell users to control kgsl perfcounters +allow shell sysfs_kgsl_shell:file rw_file_perms; +allow shell sysfs_msm_subsys:dir r_dir_perms; |
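Review bot: Both allow rules in the new vendor/qcom/common/shell.te are unconditional, so they apply to the adb shell domain on user builds as well as on debug builds. Write access to the kgsl perfcounter node looks like a profiling convenience, and GPU performance counters are a recognised side-channel surface, so unless access on user builds is a stated requirement the rules would be better wrapped in the `userdebug_or_eng()` macro. The second rule, `allow shell sysfs_msm_subsys:dir r_dir_perms;`, is also wider than the comment describes: per genfs_contexts in this commit that type labels /bus/msm_subsys and the kgsl-hyp node, not the perfcounter path, and if it is only needed for path traversal `search` would be narrower than `r_dir_perms`. The header comment should say why shell needs each permission.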