author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 00:57:04 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-07-07 00:57:04 +0000 |
commit | 4edb3ede4599c5b60929ea1a4f97a03b9bee3642 (patch) | |
tree | 8f855b682492156471b93b4371aa4fb9d1d15400 | |
parent | 99dafd039da9de5edd47297bd46ec120865ec52c (diff) | |
parent | 34210357f5e8bae13927a5ab67ef93ff0266a704 (diff) | |
Snap for 10447354 from 34210357f5e8bae13927a5ab67ef93ff0266a704 to mainline-tethering-release
aml_tet_341712060 aml_tet_341610020 aml_tet_341511010 aml_tet_341411060 aml_tet_341310230 aml_tet_341112070 aml_tet_341010040 aml_tet_340913030 android14-mainline-tethering-release
Change-Id: I9470c6218bb83758f92d4a97156becae93da9e57
124 files changed, 741 insertions, 814 deletions
diff --git a/aoc/aocd.te b/aoc/aocd.te
deleted file mode 100644
index 69b0af0..0000000
--- a/aoc/aocd.te
+++ /dev/null
@@ -1,21 +0,0 @@
-type aocd, domain;
-type aocd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(aocd)
-
-# access persist files
-allow aocd mnt_vendor_file:dir search;
-allow aocd persist_file:dir search;
-r_dir_file(aocd, persist_aoc_file);
-
-# sysfs operations
-allow aocd sysfs_aoc:dir search;
-allow aocd sysfs_aoc_firmware:file w_file_perms;
-
-# dev operations
-allow aocd aoc_device:chr_file rw_file_perms;
-
-# allow inotify to watch for additions/removals from /dev
-allow aocd device:dir r_dir_perms;
-
-# set properties
-set_prop(aocd, vendor_aoc_prop)
diff --git a/aoc/aocdump.te b/aoc/aocdump.te
deleted file mode 100644
index 0801ec0..0000000
--- a/aoc/aocdump.te
+++ /dev/null
@@ -1,18 +0,0 @@
-type aocdump, domain;
-type aocdump_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(aocdump)
-
-userdebug_or_eng(`
- # Permit communication with AoC
- allow aocdump aoc_device:chr_file rw_file_perms;
-
- allow aocdump radio_vendor_data_file:dir rw_dir_perms;
- allow aocdump radio_vendor_data_file:file create_file_perms;
- allow aocdump wifi_logging_data_file:dir create_dir_perms;
- allow aocdump wifi_logging_data_file:file create_file_perms;
- set_prop(aocdump, vendor_audio_prop);
- r_dir_file(aocdump, proc_asound)
-
- allow aocdump self:unix_stream_socket create_stream_socket_perms;
- allow aocdump audio_vendor_data_file:sock_file { create unlink };
-')
diff --git a/aoc/device.te b/aoc/device.te
deleted file mode 100644
index fbd2b32..0000000
--- a/aoc/device.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# AOC device
-type aoc_device, dev_type;
-
-# AMCS device
-type amcs_device, dev_type;
diff --git a/aoc/file.te b/aoc/file.te
deleted file mode 100644
index 3e0baf8..0000000
--- a/aoc/file.te
+++ /dev/null
@@ -1,17 +0,0 @@
-# sysfs
-type sysfs_aoc_dumpstate, sysfs_type, fs_type;
-type sysfs_aoc_boottime, sysfs_type, fs_type;
-type sysfs_aoc_firmware, sysfs_type, fs_type;
-type sysfs_aoc, sysfs_type, fs_type;
-type sysfs_aoc_reset, sysfs_type, fs_type;
-type sysfs_pixelstats, fs_type, sysfs_type;
-
-# persist
-type persist_aoc_file, file_type, vendor_persist_type;
-type persist_audio_file, file_type, vendor_persist_type;
-
-# vendor
-type aoc_audio_file, file_type, vendor_file_type;
-
-# data
-type audio_vendor_data_file, file_type, data_file_type;
diff --git a/aoc/file_contexts b/aoc/file_contexts
deleted file mode 100644
index 71fb097..0000000
--- a/aoc/file_contexts
+++ /dev/null
@@ -1,34 +0,0 @@
-# AoC devices
-/dev/acd-audio_output_tuning u:object_r:aoc_device:s0
-/dev/acd-audio_bulk_tx u:object_r:aoc_device:s0
-/dev/acd-audio_bulk_rx u:object_r:aoc_device:s0
-/dev/acd-audio_input_tuning u:object_r:aoc_device:s0
-/dev/acd-audio_input_bulk_tx u:object_r:aoc_device:s0
-/dev/acd-audio_input_bulk_rx u:object_r:aoc_device:s0
-/dev/acd-sound_trigger u:object_r:aoc_device:s0
-/dev/acd-hotword_notification u:object_r:aoc_device:s0
-/dev/acd-hotword_pcm u:object_r:aoc_device:s0
-/dev/acd-ambient_pcm u:object_r:aoc_device:s0
-/dev/acd-model_data u:object_r:aoc_device:s0
-/dev/acd-debug u:object_r:aoc_device:s0
-/dev/acd-audio_tap[0-9]* u:object_r:aoc_device:s0
-/dev/acd-audio_dcdoff_ref u:object_r:aoc_device:s0
-/dev/acd-com.google.usf u:object_r:aoc_device:s0
-/dev/acd-logging u:object_r:aoc_device:s0
-/dev/aoc u:object_r:aoc_device:s0
-/dev/amcs u:object_r:amcs_device:s0
-
-# AoC vendor binaries
-/vendor/bin/aocd u:object_r:aocd_exec:s0
-/vendor/bin/aocdump u:object_r:aocdump_exec:s0
-/vendor/bin/hw/vendor\.google\.audiometricext@1\.0-service-vendor u:object_r:hal_audiometricext_default_exec:s0
-
-# AoC audio files
-/vendor/etc/aoc(/.*)? u:object_r:aoc_audio_file:s0
-
-# Aoc persist files
-/mnt/vendor/persist/aoc(/.*)? u:object_r:persist_aoc_file:s0
-/mnt/vendor/persist/audio(/.*)? u:object_r:persist_audio_file:s0
-
-# Audio data files
-/data/vendor/audio(/.*)? u:object_r:audio_vendor_data_file:s0
diff --git a/aoc/genfs_contexts b/aoc/genfs_contexts
deleted file mode 100644
index 46773bb..0000000
--- a/aoc/genfs_contexts
+++ /dev/null
@@ -1,28 +0,0 @@
-# AOC
-genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0
-genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0
-genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0
-genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0
-genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0
-genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes u:object_r:sysfs_aoc_dumpstate:s0
-
-# pixelstat_vendor
-genfscon sysfs /devices/platform/audiometrics/codec_state u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/hs_codec_state u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_impedance u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_excursion u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_heartbeat u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/speaker_temp u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/mic_broken_degrade u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/codec_crashed_counter u:object_r:sysfs_pixelstats:s0
-genfscon sysfs /devices/platform/audiometrics/hwinfo_part_number u:object_r:sysfs_pixelstats:s0
-
diff --git a/aoc/hal_audio_default.te b/aoc/hal_audio_default.te
deleted file mode 100644
index 0755cba..0000000
--- a/aoc/hal_audio_default.te
+++ /dev/null
@@ -1,35 +0,0 @@
-vndbinder_use(hal_audio_default)
-hwbinder_use(hal_audio_default)
-
-allow hal_audio_default audio_vendor_data_file:dir rw_dir_perms;
-allow hal_audio_default audio_vendor_data_file:file create_file_perms;
-
-r_dir_file(hal_audio_default, aoc_audio_file);
-r_dir_file(hal_audio_default, mnt_vendor_file);
-r_dir_file(hal_audio_default, persist_audio_file);
-
-allow hal_audio_default persist_file:dir search;
-allow hal_audio_default aoc_device:file rw_file_perms;
-allow hal_audio_default aoc_device:chr_file rw_file_perms;
-
-allow hal_audio_default hal_audio_ext_hwservice:hwservice_manager { find add };
-
-allow hal_audio_default amcs_device:file rw_file_perms;
-allow hal_audio_default amcs_device:chr_file rw_file_perms;
-allow hal_audio_default sysfs_pixelstats:file rw_file_perms;
-
-#allow access to DMABUF Heaps for AAudio API
-allow hal_audio_default dmabuf_heap_device:chr_file r_file_perms;
-
-get_prop(hal_audio_default, vendor_audio_prop);
-
-hal_client_domain(hal_audio_default, hal_health);
-hal_client_domain(hal_audio_default, hal_thermal);
-allow hal_audio_default fwk_sensor_hwservice:hwservice_manager find;
-
-userdebug_or_eng(`
- allow hal_audio_default self:unix_stream_socket create_stream_socket_perms;
- allow hal_audio_default audio_vendor_data_file:sock_file { create unlink };
-')
-
-wakelock_use(hal_audio_default);
diff --git a/aoc/hal_audiometricext_default.te b/aoc/hal_audiometricext_default.te
deleted file mode 100644
index 5358eac..0000000
--- a/aoc/hal_audiometricext_default.te
+++ /dev/null
@@ -1,12 +0,0 @@
-type hal_audiometricext_default, domain;
-type hal_audiometricext_default_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(hal_audiometricext_default)
-
-allow hal_audiometricext_default amcs_device:chr_file rw_file_perms;
-allow hal_audiometricext_default sysfs_pixelstats:file rw_file_perms;
-
-get_prop(hal_audiometricext_default, vendor_audio_prop);
-get_prop(hal_audiometricext_default, hwservicemanager_prop);
-
-hwbinder_use(hal_audiometricext_default);
-add_hwservice(hal_audiometricext_default, hal_audiometricext_hwservice);
diff --git a/aoc/hwservice.te b/aoc/hwservice.te
deleted file mode 100644
index b7bf5d9..0000000
--- a/aoc/hwservice.te
+++ /dev/null
@@ -1,6 +0,0 @@
-# Audio
-type hal_audio_ext_hwservice, hwservice_manager_type;
-
-# AudioMetric
-type hal_audiometricext_hwservice, hwservice_manager_type;
-
diff --git a/aoc/hwservice_contexts b/aoc/hwservice_contexts
deleted file mode 100644
index f06c846..0000000
--- a/aoc/hwservice_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-# Audio
-vendor.google.whitechapel.audio.audioext::IAudioExt u:object_r:hal_audio_ext_hwservice:s0
-vendor.google.audiometricext::IAudioMetricExt u:object_r:hal_audiometricext_hwservice:s0
-
diff --git a/aoc/property.te b/aoc/property.te
deleted file mode 100644
index d38e3ec..0000000
--- a/aoc/property.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# AoC
-vendor_internal_prop(vendor_aoc_prop)
-# Audio
-vendor_internal_prop(vendor_audio_prop)
diff --git a/aoc/property_contexts b/aoc/property_contexts
deleted file mode 100644
index d502830..0000000
--- a/aoc/property_contexts
+++ /dev/null
@@ -1,11 +0,0 @@
-# AoC
-vendor.aoc.firmware.version u:object_r:vendor_aoc_prop:s0
-
-# for audio
-vendor.audio_hal.period_multiplier u:object_r:vendor_audio_prop:s0
-vendor.audiodump.enable u:object_r:vendor_audio_prop:s0
-persist.vendor.audio. u:object_r:vendor_audio_prop:s0
-vendor.audiodump.log.ondemand u:object_r:vendor_audio_prop:s0
-vendor.audiodump.log.config u:object_r:vendor_audio_prop:s0
-vendor.audiodump.output.dir u:object_r:vendor_audio_prop:s0
-vendor.audiodump.encode.disable u:object_r:vendor_audio_prop:s0
diff --git a/dauntless/citadel_provision.te b/dauntless/citadel_provision.te
deleted file mode 100644
index 5605085..0000000
--- a/dauntless/citadel_provision.te
+++ /dev/null
@@ -1,6 +0,0 @@
-type citadel_provision, domain;
-type citadel_provision_exec, exec_type, vendor_file_type, file_type;
-
-userdebug_or_eng(`
- init_daemon_domain(citadel_provision)
-')
diff --git a/dauntless/citadeld.te b/dauntless/citadeld.te
deleted file mode 100644
index 86cb61c..0000000
--- a/dauntless/citadeld.te
+++ /dev/null
@@ -1,13 +0,0 @@
-type citadeld, domain;
-type citadeld_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(citadeld)
-
-add_service(citadeld, citadeld_service)
-binder_use(citadeld)
-vndbinder_use(citadeld)
-binder_call(citadeld, system_server)
-
-allow citadeld citadel_device:chr_file rw_file_perms;
-allow citadeld fwk_stats_service:service_manager find;
-allow citadeld hal_power_stats_vendor_service:service_manager find;
diff --git a/dauntless/device.te b/dauntless/device.te
deleted file mode 100644
index f63186f..0000000
--- a/dauntless/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type citadel_device, dev_type;
diff --git a/dauntless/file.te b/dauntless/file.te
deleted file mode 100644
index cfc0dea..0000000
--- a/dauntless/file.te
+++ /dev/null
@@ -1 +0,0 @@
-type citadel_updater, vendor_file_type, file_type;
diff --git a/dauntless/file_contexts b/dauntless/file_contexts
deleted file mode 100644
index 76a2502..0000000
--- a/dauntless/file_contexts
+++ /dev/null
@@ -1,9 +0,0 @@
-/vendor/bin/CitadelProvision u:object_r:citadel_provision_exec:s0
-/vendor/bin/hw/init_citadel u:object_r:init_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.security\.keymint-service\.citadel u:object_r:hal_keymint_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.weaver@1\.0-service\.citadel u:object_r:hal_weaver_citadel_exec:s0
-/vendor/bin/hw/android\.hardware\.identity@1\.0-service\.citadel u:object_r:hal_identity_citadel_exec:s0
-/vendor/bin/hw/citadel_updater u:object_r:citadel_updater:s0
-/vendor/bin/hw/citadeld u:object_r:citadeld_exec:s0
-
-/dev/gsc0 u:object_r:citadel_device:s0
diff --git a/dauntless/hal_identity_citadel.te b/dauntless/hal_identity_citadel.te
deleted file mode 100644
index c181e27..0000000
--- a/dauntless/hal_identity_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_identity_citadel, domain;
-type hal_identity_citadel_exec, exec_type, vendor_file_type, file_type;
-
-vndbinder_use(hal_identity_citadel)
-binder_call(hal_identity_citadel, citadeld)
-allow hal_identity_citadel citadeld_service:service_manager find;
-allow hal_identity_citadel hal_keymint_citadel:binder call;
-
-hal_server_domain(hal_identity_citadel, hal_identity)
-hal_server_domain(hal_identity_citadel, hal_keymint)
-init_daemon_domain(hal_identity_citadel)
diff --git a/dauntless/hal_keymint_citadel.te b/dauntless/hal_keymint_citadel.te
deleted file mode 100644
index e1a6177..0000000
--- a/dauntless/hal_keymint_citadel.te
+++ /dev/null
@@ -1,9 +0,0 @@
-type hal_keymint_citadel, domain;
-type hal_keymint_citadel_exec, exec_type, vendor_file_type, file_type;
-
-hal_server_domain(hal_keymint_citadel, hal_keymint)
-init_daemon_domain(hal_keymint_citadel)
-vndbinder_use(hal_keymint_citadel)
-get_prop(hal_keymint_citadel, vendor_security_patch_level_prop)
-allow hal_keymint_citadel citadeld_service:service_manager find;
-binder_call(hal_keymint_citadel, citadeld)
diff --git a/dauntless/hal_weaver_citadel.te b/dauntless/hal_weaver_citadel.te
deleted file mode 100644
index c47287b..0000000
--- a/dauntless/hal_weaver_citadel.te
+++ /dev/null
@@ -1,11 +0,0 @@
-type hal_weaver_citadel, domain;
-type hal_weaver_citadel_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(hal_weaver_citadel)
-hal_server_domain(hal_weaver_citadel, hal_weaver)
-hal_server_domain(hal_weaver_citadel, hal_oemlock)
-hal_server_domain(hal_weaver_citadel, hal_authsecret)
-vndbinder_use(hal_weaver_citadel)
-binder_call(hal_weaver_citadel, citadeld)
-
-allow hal_weaver_citadel citadeld_service:service_manager find;
diff --git a/dauntless/init_citadel.te b/dauntless/init_citadel.te
deleted file mode 100644
index 2e986d0..0000000
--- a/dauntless/init_citadel.te
+++ /dev/null
@@ -1,15 +0,0 @@
-type init_citadel, domain;
-type init_citadel_exec, exec_type, vendor_file_type, file_type;
-
-init_daemon_domain(init_citadel)
-
-# Citadel communication must be via citadeld
-vndbinder_use(init_citadel)
-binder_call(init_citadel, citadeld)
-allow init_citadel citadeld_service:service_manager find;
-
-# Many standard utils are actually vendor_toolbox (like xxd)
-allow init_citadel vendor_toolbox_exec:file rx_file_perms;
-
-# init_citadel needs to invoke citadel_updater
-allow init_citadel citadel_updater:file rx_file_perms;
diff --git a/dauntless/service_contexts b/dauntless/service_contexts
deleted file mode 100644
index ac6a186..0000000
--- a/dauntless/service_contexts
+++ /dev/null
@@ -1,3 +0,0 @@
-android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
-android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
-android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_remotelyprovisionedcomponent_service:s0
diff --git a/dauntless/vndservice.te b/dauntless/vndservice.te
deleted file mode 100644
index 880c09c..0000000
--- a/dauntless/vndservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type citadeld_service, vndservice_manager_type;
diff --git a/dauntless/vndservice_contexts b/dauntless/vndservice_contexts
deleted file mode 100644
index b4df996..0000000
--- a/dauntless/vndservice_contexts
+++ /dev/null
@@ -1 +0,0 @@
-android.hardware.citadel.ICitadeld u:object_r:citadeld_service:s0
diff --git a/edgetpu/file_contexts b/edgetpu/file_contexts
deleted file mode 100644
index 7b5d25a..0000000
--- a/edgetpu/file_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# EdgeTPU device (DarwiNN)
-/dev/janeiro u:object_r:edgetpu_device:s0
diff --git a/edgetpu/genfs_contexts b/edgetpu/genfs_contexts
deleted file mode 100644
index 78e7e95..0000000
--- a/edgetpu/genfs_contexts
+++ /dev/null
@@ -1,2 +0,0 @@
-# EdgeTPU
-genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0
diff --git a/edgetpu/google_camera_app.te b/edgetpu/google_camera_app.te
deleted file mode 100644
index a0ad731..0000000
--- a/edgetpu/google_camera_app.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# Allows GCA to find and access the EdgeTPU.
-allow google_camera_app edgetpu_app_service:service_manager find;
-allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
diff --git a/gps/device.te b/gps/device.te
deleted file mode 100644
index 15d049f..0000000
--- a/gps/device.te
+++ /dev/null
@@ -1 +0,0 @@
-type vendor_gnss_device, dev_type;
diff --git a/gps/file.te b/gps/file.te
deleted file mode 100644
index 537afdb..0000000
--- a/gps/file.te
+++ /dev/null
@@ -1,7 +0,0 @@
-type vendor_gps_file, file_type, data_file_type;
-userdebug_or_eng(`
- typeattribute vendor_gps_file mlstrustedobject;
-')
-
-type sysfs_gps, sysfs_type, fs_type;
-type sysfs_gps_assert, sysfs_type, fs_type;
diff --git a/gps/file_contexts b/gps/file_contexts
deleted file mode 100644
index 8ae128e..0000000
--- a/gps/file_contexts
+++ /dev/null
@@ -1,12 +0,0 @@
-# gnss/gps data/log files
-/data/vendor/gps(/.*)? u:object_r:vendor_gps_file:s0
-
-# devices
-/dev/bbd_control u:object_r:vendor_gnss_device:s0
-/dev/ttyBCM u:object_r:vendor_gnss_device:s0
-
-# vendor binaries
-/vendor/bin/hw/scd u:object_r:scd_exec:s0
-/vendor/bin/hw/lhd u:object_r:lhd_exec:s0
-/vendor/bin/hw/gpsd u:object_r:gpsd_exec:s0
-/vendor/bin/hw/android\.hardware\.gnss@[0-9]\.[0-9]-service-brcm u:object_r:hal_gnss_default_exec:s0
diff --git a/gps/genfs_contexts b/gps/genfs_contexts
deleted file mode 100644
index 49dfdd0..0000000
--- a/gps/genfs_contexts
+++ /dev/null
@@ -1,4 +0,0 @@
-# GPS
-genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0
-genfscon sysfs /devices/virtual/pps/pps0/assert_elapsed u:object_r:sysfs_gps_assert:s0
-
diff --git a/gps/gpsd.te b/gps/gpsd.te
deleted file mode 100644
index 791a02e..0000000
--- a/gps/gpsd.te
+++ /dev/null
@@ -1,28 +0,0 @@
-type gpsd, domain;
-type gpsd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(gpsd)
-
-# Allow gpsd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
- typeattribute gpsd mlstrustedsubject;
- allow gpsd logger_app:unix_stream_socket connectto;
-')
-
-# Allow gpsd to obtain wakelock
-wakelock_use(gpsd)
-
-# Allow gpsd access data vendor gps files
-allow gpsd vendor_gps_file:dir create_dir_perms;
-allow gpsd vendor_gps_file:file create_file_perms;
-allow gpsd vendor_gps_file:fifo_file create_file_perms;
-
-# Allow gpsd to access rild
-binder_call(gpsd, rild);
-allow gpsd hal_exynos_rild_hwservice:hwservice_manager find;
-
-# Allow gpsd to access sensor service
-binder_call(gpsd, system_server);
-allow gpsd fwk_sensor_hwservice:hwservice_manager find;
-
-# Allow gpsd to access pps gpio
-allow gpsd sysfs_gps_assert:file r_file_perms;
diff --git a/gps/hal_gnss_default.te b/gps/hal_gnss_default.te
deleted file mode 100644
index e300423..0000000
--- a/gps/hal_gnss_default.te
+++ /dev/null
@@ -1,4 +0,0 @@
-# Allow hal_gnss_default access data vendor gps files
-allow hal_gnss_default vendor_gps_file:dir create_dir_perms;
-allow hal_gnss_default vendor_gps_file:file create_file_perms;
-allow hal_gnss_default vendor_gps_file:fifo_file create_file_perms;
diff --git a/gps/lhd.te b/gps/lhd.te
deleted file mode 100644
index e980897..0000000
--- a/gps/lhd.te
+++ /dev/null
@@ -1,23 +0,0 @@
-type lhd, domain;
-type lhd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(lhd)
-
-# Allow lhd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
- typeattribute lhd mlstrustedsubject;
- allow lhd logger_app:unix_stream_socket connectto;
-')
-
-# Allow lhd access data vendor gps files
-allow lhd vendor_gps_file:dir create_dir_perms;
-allow lhd vendor_gps_file:file create_file_perms;
-allow lhd vendor_gps_file:fifo_file create_file_perms;
-
-# Allow lhd to obtain wakelock
-wakelock_use(lhd)
-
-# Allow lhd access /dev/bbd_control file
-allow lhd vendor_gnss_device:chr_file rw_file_perms;
-
-# Allow lhd access nstandby gpio
-allow lhd sysfs_gps:file rw_file_perms;
diff --git a/gps/scd.te b/gps/scd.te
deleted file mode 100644
index 28aaee0..0000000
--- a/gps/scd.te
+++ /dev/null
@@ -1,17 +0,0 @@
-type scd, domain;
-type scd_exec, vendor_file_type, exec_type, file_type;
-init_daemon_domain(scd)
-
-# Allow scd access PixelLogger unix socket in debug build only
-userdebug_or_eng(`
- typeattribute scd mlstrustedsubject;
- allow scd logger_app:unix_stream_socket connectto;
-')
-
-# Allow a base set of permissions required for network access.
-net_domain(scd);
-
-# Allow scd access data vendor gps files
-allow scd vendor_gps_file:dir create_dir_perms;
-allow scd vendor_gps_file:file create_file_perms;
-allow scd vendor_gps_file:fifo_file create_file_perms;
diff --git a/tracking_denials/bug_map b/tracking_denials/bug_map
new file mode 100644
index 0000000..f821732
--- /dev/null
+++ b/tracking_denials/bug_map
@@ -0,0 +1,30 @@
+cat_engine_service_app system_app_data_file dir b/238705599
+dex2oat privapp_data_file dir b/276386138
+dump_pixel_metrics sysfs file b/268147113
+dumpstate app_zygote process b/237491813
+dumpstate system_data_file dir b/239484651
+hal_camera_default boot_status_prop file b/275001783
+hal_camera_default edgetpu_app_service service_manager b/275001783
+hal_contexthub_default fwk_stats_service service_manager b/241714943
+hal_dumpstate_default dump_thermal process b/268566483
+hal_power_default hal_power_default capability b/237492146
+hal_radioext_default radio_vendor_data_file file b/237093466
+incidentd debugfs_wakeup_sources file b/237492091
+incidentd incidentd anon_inode b/268147092
+init-insmod-sh vendor_ready_prop property_service b/239364360
+kernel vendor_charger_debugfs dir b/238571150
+kernel vendor_usb_debugfs dir b/227121550
+shell adb_keys_file file b/239484612
+shell cache_file lnk_file b/239484612
+shell init_exec lnk_file b/239484612
+shell linkerconfig_file dir b/239484612
+shell metadata_file dir b/239484612
+shell mirror_data_file dir b/239484612
+shell postinstall_mnt_dir dir b/239484612
+shell rootfs file b/239484612
+shell sscoredump_vendor_data_crashinfo_file dir b/241714944
+shell system_dlkm_file dir b/239484612
+su modem_img_file filesystem b/240653918
+system_app proc_pagetypeinfo file b/275645892
+system_server privapp_data_file lnk_file b/276385494
+system_server system_userdir_file dir b/282096141
diff --git a/tracking_denials/clatd.te b/tracking_denials/clatd.te
deleted file mode 100644
index 3c27ad9..0000000
--- a/tracking_denials/clatd.te
+++ /dev/null
@@ -1,3 +0,0 @@
-# b/210363983
-#dontaudit clatd netd:rawip_socket { read write };
-#dontaudit clatd netd:rawip_socket { setopt };
diff --git a/tracking_denials/dumpstate.te b/tracking_denials/dumpstate.te
index aaff71e..0dc30ea 100644
--- a/tracking_denials/dumpstate.te
+++ b/tracking_denials/dumpstate.te
@@ -1,6 +1,6 @@
-# b/221384768
-dontaudit dumpstate app_zygote:process { signal };
+# b/185723618
 dontaudit dumpstate hal_power_stats_vendor_service:service_manager { find };
-dontaudit dumpstate sysfs:file { read };
-# b/227694693
-dontaudit dumpstate incident:process { signal };
+# b/237491813
+dontaudit dumpstate app_zygote:process { signal };
+# b/277155245
+dontaudit dumpstate default_android_service:service_manager { find };
diff --git a/tracking_denials/google_camera_app.te b/tracking_denials/google_camera_app.te
deleted file mode 100644
index 72796c2..0000000
--- a/tracking_denials/google_camera_app.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# b/209889068
-dontaudit google_camera_app edgetpu_app_service:service_manager { find };
-dontaudit google_camera_app edgetpu_device:chr_file { ioctl };
-dontaudit google_camera_app edgetpu_device:chr_file { map };
-dontaudit google_camera_app edgetpu_device:chr_file { read write };
-dontaudit google_camera_app vendor_default_prop:file { getattr };
-dontaudit google_camera_app vendor_default_prop:file { map };
-dontaudit google_camera_app vendor_default_prop:file { open };
diff --git a/tracking_denials/hal_camera_default.te b/tracking_denials/hal_camera_default.te
deleted file mode 100644
index f423e49..0000000
--- a/tracking_denials/hal_camera_default.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# b/205780065
-dontaudit hal_camera_default system_data_file:dir { search };
-# b/218585004
-dontaudit hal_camera_default traced:unix_stream_socket { connectto };
-dontaudit hal_camera_default traced_producer_socket:sock_file { write };
diff --git a/tracking_denials/hal_drm_widevine.te b/tracking_denials/hal_drm_widevine.te
new file mode 100644
index 0000000..cfe7fcf
--- /dev/null
+++ b/tracking_denials/hal_drm_widevine.te
@@ -0,0 +1,2 @@
+# b/229209076
+dontaudit hal_drm_widevine vndbinder_device:chr_file { read };
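Review bot: The added `dontaudit dumpstate default_android_service:service_manager { find };` in tracking_denials/dumpstate.te suppresses the audit record for every service that falls back to the default label, not only the one behind b/277155245, so a later unlabeled service that dumpstate looks up would be denied with nothing in the log. tracking_denials/hal_vibrator_default.te adds the same rule shape for hal_vibrator_default (b/274727778). The narrower fix is to give the service its own type in service_contexts and decide on `find` for that type. If the suppression has to stay for now, name the service in the comment, e.g. `# b/277155245: <service-name placeholder> has no service_contexts entry yet; remove once labeled`.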
diff --git a/tracking_denials/hal_neuralnetworks_armnn.te b/tracking_denials/hal_neuralnetworks_armnn.te
deleted file mode 100644
index b58f29f..0000000
--- a/tracking_denials/hal_neuralnetworks_armnn.te
+++ /dev/null
@@ -1,8 +0,0 @@
-# b/205073167
-dontaudit hal_neuralnetworks_armnn default_prop:file { open };
-dontaudit hal_neuralnetworks_armnn default_prop:file { read };
-# b/205202540
-dontaudit hal_neuralnetworks_armnn default_prop:file { getattr };
-dontaudit hal_neuralnetworks_armnn default_prop:file { map };
-# b/205779871
-dontaudit hal_neuralnetworks_armnn system_data_file:dir { search };
diff --git a/tracking_denials/hal_power_default.te b/tracking_denials/hal_power_default.te
index 731d4ba..a2ce6fd 100644
--- a/tracking_denials/hal_power_default.te
+++ b/tracking_denials/hal_power_default.te
@@ -1,4 +1,3 @@
-# b/208909174
-dontaudit hal_power_default hal_power_default:capability { dac_read_search };
-# b/221384860
+# b/237492146
 dontaudit hal_power_default hal_power_default:capability { dac_override };
+dontaudit hal_power_default hal_power_default:capability { dac_read_search };
diff --git a/tracking_denials/hal_sensors_default.te b/tracking_denials/hal_sensors_default.te
deleted file mode 100644
index fb1bb23..0000000
--- a/tracking_denials/hal_sensors_default.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/227695036
-dontaudit hal_sensors_default sensor_reg_data_file:dir { write };
diff --git a/tracking_denials/hal_vibrator_default.te b/tracking_denials/hal_vibrator_default.te
new file mode 100644
index 0000000..390bfa3
--- /dev/null
+++ b/tracking_denials/hal_vibrator_default.te
@@ -0,0 +1,2 @@
+# b/274727778
+dontaudit hal_vibrator_default default_android_service:service_manager { find };
diff --git a/tracking_denials/hardware_info_app.te b/tracking_denials/hardware_info_app.te
deleted file mode 100644
index 2975d24..0000000
--- a/tracking_denials/hardware_info_app.te
+++ /dev/null
@@ -1,2 +0,0 @@
-# b/208909060
-dontaudit hardware_info_app vendor_maxfg_debugfs:dir search;
diff --git a/tracking_denials/incidentd.te b/tracking_denials/incidentd.te
index 90b1025..e6fce30 100644
--- a/tracking_denials/incidentd.te
+++ b/tracking_denials/incidentd.te
@@ -1,2 +1,2 @@
-# b/226850644
+# b/237492091
 dontaudit incidentd debugfs_wakeup_sources:file { read };
diff --git a/tracking_denials/kernel.te b/tracking_denials/kernel.te
index d75b1fb..a2e2163 100644
--- a/tracking_denials/kernel.te
+++ b/tracking_denials/kernel.te
@@ -1,11 +1,2 @@
-# b/213817227
-dontaudit kernel vendor_battery_debugfs:dir { search };
-# b/220801802
-allow kernel same_process_hal_file:file r_file_perms;
 # b/227121550
-dontaudit kernel vendor_usb_debugfs:dir { search };
-dontaudit kernel vendor_votable_debugfs:dir { search };
-# b/227286343
-dontaudit kernel vendor_regmap_debugfs:dir { search };
-# b/228181404
-dontaudit kernel vendor_maxfg_debugfs:dir { search };
\ No newline at end of file
+dontaudit kernel vendor_votable_debugfs:dir search;
diff --git a/tracking_denials/priv_app.te b/tracking_denials/priv_app.te
deleted file mode 100644
index 5784c9b..0000000
--- a/tracking_denials/priv_app.te
+++ /dev/null
@@ -1,13 +0,0 @@
-# b/207062833
-dontaudit priv_app vendor_default_prop:file { getattr };
-dontaudit priv_app vendor_default_prop:file { map };
-dontaudit priv_app vendor_default_prop:file { open };
-# b/210363938
-dontaudit priv_app vendor_apex_file:dir { search };
-dontaudit priv_app vendor_apex_file:file { getattr };
-dontaudit priv_app vendor_apex_file:file { open };
-dontaudit priv_app vendor_apex_file:file { read };
-# b/220636850
-dontaudit priv_app default_prop:property_service { set };
-dontaudit priv_app init:unix_stream_socket { connectto };
-dontaudit priv_app property_socket:sock_file { write };
diff --git a/tracking_denials/ssr_detector_app.te b/tracking_denials/ssr_detector_app.te
deleted file mode 100644
index 182b08e..0000000
--- a/tracking_denials/ssr_detector_app.te
+++ /dev/null
@@ -1,12 +0,0 @@
-# b/205202542
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { getattr };
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { map };
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { open };
-dontaudit ssr_detector_app vendor_persist_sys_default_prop:file { read };
-# b/207571417
-dontaudit ssr_detector_app cgroup:file { open };
-dontaudit ssr_detector_app cgroup:file { write };
-dontaudit ssr_detector_app sysfs:file { getattr };
-dontaudit ssr_detector_app sysfs:file { open };
-dontaudit ssr_detector_app sysfs:file { read };
-dontaudit ssr_detector_app sysfs:file { write };
diff --git a/tracking_denials/tee.te b/tracking_denials/tee.te
deleted file mode 100644
index 3a56e03..0000000
--- a/tracking_denials/tee.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# TODO(b/205904330): avoid using setuid, setgid permission
-allow tee tee:capability { setuid setgid };
-# b/215649571
-dontaudit tee gsi_metadata_file:dir { search };
-dontaudit tee metadata_file:dir { search };
diff --git a/tracking_denials/vendor_init.te b/tracking_denials/vendor_init.te
index 05adec7..ea8ff1e 100644
--- a/tracking_denials/vendor_init.te
+++ b/tracking_denials/vendor_init.te
@@ -1,6 +1,2 @@
 # b/205656950
 dontaudit vendor_init thermal_link_device:file { create };
-# b/226271913
-dontaudit vendor_init vendor_maxfg_debugfs:file setattr;
-# b/221384939
-dontaudit vendor_init vendor_battery_defender_prop:property_service { set } ;
diff --git a/tracking_denials/vndservicemanager.te b/tracking_denials/vndservicemanager.te
new file mode 100644
index 0000000..9931d43
--- /dev/null
+++ b/tracking_denials/vndservicemanager.te
@@ -0,0 +1,4 @@
+# b/278639040
+dontaudit vndservicemanager hal_keymint_citadel:binder { call };
+# b/278639040
+dontaudit vndservicemanager hal_keymint_citadel:binder { call };
diff --git a/whitechapel_pro/certs/camera_eng.x509.pem b/whitechapel_pro/certs/camera_eng.x509.pem
new file mode 100644
index 0000000..011a9ec
--- /dev/null
+++ b/whitechapel_pro/certs/camera_eng.x509.pem
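Review bot: The new tracking_denials/vndservicemanager.te contains the pair `# b/278639040` / `dontaudit vndservicemanager hal_keymint_citadel:binder { call };` twice; the second copy (lines 3-4 of the new file) is redundant and should be dropped. The rule also names the type hal_keymint_citadel while this same commit deletes dauntless/hal_keymint_citadel.te, where that type was declared, so the policy presumably relies on a declaration outside this repository; it is worth confirming that the build still resolves it. A short comment on why this binder call is expected to stay denied rather than be allowed would help whoever closes the bug.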
@@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE----- +MIICpzCCAmWgAwIBAgIEUAV8QjALBgcqhkjOOAQDBQAwNzELMAkGA1UEBhMCVVMx +EDAOBgNVBAoTB0FuZHJvaWQxFjAUBgNVBAMTDUFuZHJvaWQgRGVidWcwHhcNMTIw +NzE3MTQ1MjUwWhcNMjIwNzE1MTQ1MjUwWjA3MQswCQYDVQQGEwJVUzEQMA4GA1UE +ChMHQW5kcm9pZDEWMBQGA1UEAxMNQW5kcm9pZCBEZWJ1ZzCCAbcwggEsBgcqhkjO +OAQBMIIBHwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR ++1k9jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb ++DtX58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdg +UI8VIwvMspK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlX +TAs9B4JnUVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCj +rh4rs6Z1kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQB +TDv+z0kqA4GEAAKBgGrRG9fVZtJ69DnALkForP1FtL6FvJmMe5uOHHdUaT+MDUKK +pPzhEISBOEJPpozRMFJO7/bxNzhjgi+mNymL/k1GoLhmZe7wQRc5AQNbHIBqoxgY +DTA6qMyeWSPgam+r+nVoPEU7sgd3fPL958+xmxQwOBSqHfe0PVsiK1cGtIuUMAsG +ByqGSM44BAMFAAMvADAsAhQJ0tGwRwIptb7SkCZh0RLycMXmHQIUZ1ACBqeAULp4 +rscXTxYEf4Tqovc= +-----END CERTIFICATE----- diff --git a/whitechapel_pro/certs/camera_fishfood.x509.pem b/whitechapel_pro/certs/camera_fishfood.x509.pem new file mode 100644 index 0000000..fb11572 --- /dev/null +++ b/whitechapel_pro/certs/camera_fishfood.x509.pem 
@@ -0,0 +1,15 @@ +-----BEGIN CERTIFICATE----- +MIICUjCCAbsCBEk0mH4wDQYJKoZIhvcNAQEEBQAwcDELMAkGA1UEBhMCVVMxCzAJ +BgNVBAgTAkNBMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MRQwEgYDVQQKEwtHb29n +bGUsIEluYzEUMBIGA1UECxMLR29vZ2xlLCBJbmMxEDAOBgNVBAMTB1Vua25vd24w +HhcNMDgxMjAyMDIwNzU4WhcNMzYwNDE5MDIwNzU4WjBwMQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCQ0ExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxFDASBgNVBAoTC0dv +b2dsZSwgSW5jMRQwEgYDVQQLEwtHb29nbGUsIEluYzEQMA4GA1UEAxMHVW5rbm93 +bjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAn0gDGZD5sUcmOE4EU9GPjAu/ +jcd7JQSksSB8TGxEurwArcZhD6a2qy2oDjPy7vFrJqP2uFua+sqQn/u+s/TJT36B +IqeY4OunXO090in6c2X0FRZBWqnBYX3Vg84Zuuigu9iF/BeptL0mQIBRIarbk3fe +tAATOBQYiC7FIoL8WA0CAwEAATANBgkqhkiG9w0BAQQFAAOBgQBAhmae1jHaQ4Td +0GHSJuBzuYzEuZ34teS+njy+l1Aeg98cb6lZwM5gXE/SrG0chM7eIEdsurGb6PIg +Ov93F61lLY/MiQcI0SFtqERXWSZJ4OnTxLtM9Y2hnbHU/EG8uVhPZOZfQQ0FKf1b +aIOMFB0Km9HbEZHLKg33kOoMsS2zpA== +-----END CERTIFICATE----- diff --git a/whitechapel_pro/chre.te b/whitechapel_pro/chre.te index 319f17d..2531af8 100644 --- a/whitechapel_pro/chre.te +++ b/whitechapel_pro/chre.te @@ -17,4 +17,15 @@ usf_low_latency_transport(chre) # Allow CHRE to talk to the WiFi HAL allow chre hal_wifi_ext:binder { call transfer }; -allow chre hal_wifi_ext_hwservice:hwservice_manager find;
\ No newline at end of file
+allow chre hal_wifi_ext_hwservice:hwservice_manager find;
+allow chre hal_wifi_ext_service:service_manager find;
+
+# Allow CHRE host to talk to stats service
+allow chre fwk_stats_service:service_manager find;
+binder_call(chre, stats_service_server)
+
+# Allow CHRE to use WakeLock
+wakelock_use(chre)
+
+# Allow CHRE to block suspend, which is required to use EPOLLWAKEUP.
+allow chre self:global_capability2_class_set block_suspend;
diff --git a/whitechapel_pro/convert-to-ext4-sh.te b/whitechapel_pro/convert-to-ext4-sh.te
new file mode 100644
index 0000000..d64382d
--- /dev/null
+++ b/whitechapel_pro/convert-to-ext4-sh.te
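Review bot: The explicit `allow chre self:global_capability2_class_set block_suspend;` at the end of the chre.te hunk looks redundant with `wakelock_use(chre)` three lines above it, since the platform macro, as far as I recall, already grants `block_suspend` on self (worth confirming against the te_macros this tree builds with). If that holds, keep only the macro and fold the explanation into its comment, e.g. `# Allow CHRE to use WakeLock; block_suspend is also what EPOLLWAKEUP requires`. The hunk starts partway into chre.te, so rules earlier in the file are not visible here.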
@@ -0,0 +1,34 @@
+type convert-to-ext4-sh, domain, coredomain;
+type convert-to-ext4-sh_exec, system_file_type, exec_type, file_type;
+
+userdebug_or_eng(`
+ permissive convert-to-ext4-sh;
+
+ init_daemon_domain(convert-to-ext4-sh)
+
+ allow convert-to-ext4-sh block_device:dir search;
+ allow convert-to-ext4-sh e2fs_exec:file rx_file_perms;
+ allow convert-to-ext4-sh efs_block_device:blk_file rw_file_perms;
+ allow convert-to-ext4-sh kernel:process setsched;
+ allow convert-to-ext4-sh kmsg_device:chr_file rw_file_perms;
+ allow convert-to-ext4-sh persist_block_device:blk_file { getattr ioctl open read write };
+ allow convert-to-ext4-sh shell_exec:file rx_file_perms;
+ allow convert-to-ext4-sh sysfs_fs_ext4_features:dir { read search };
+ allow convert-to-ext4-sh sysfs_fs_ext4_features:file read;
+ allow convert-to-ext4-sh tmpfs:dir { add_name create mounton open };
+ allow convert-to-ext4-sh tmpfs:dir { remove_name rmdir rw_file_perms setattr };
+ allow convert-to-ext4-sh tmpfs:file { create rw_file_perms unlink };
+ allow convert-to-ext4-sh toolbox_exec:file rx_file_perms;
+ allow convert-to-ext4-sh vendor_persist_type:dir { rw_file_perms search };
+ allow convert-to-ext4-sh vendor_persist_type:file rw_file_perms;
+
+ allowxperm convert-to-ext4-sh { efs_block_device persist_block_device}:blk_file ioctl {
+ BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET LOOP_CLR_FD
+ };
+
+ dontaudit convert-to-ext4-sh labeledfs:filesystem { mount unmount };
+ dontaudit convert-to-ext4-sh self:capability { chown fowner fsetid dac_read_search sys_admin sys_rawio };
+ dontaudit convert-to-ext4-sh unlabeled:dir { add_name create mounton open rw_file_perms search setattr };
+ dontaudit convert-to-ext4-sh unlabeled:file { create rw_file_perms setattr };
+ dontaudit convert-to-ext4-sh convert-to-ext4-sh:capability { dac_override };
+')
diff --git a/whitechapel_pro/debug_camera_app.te b/whitechapel_pro/debug_camera_app.te
new file mode 100644
index 0000000..5342fb7
--- /dev/null
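Review bot: `permissive convert-to-ext4-sh;` combined with the five `dontaudit` rules at the end of the `userdebug_or_eng` block means that on userdebug/eng builds the script's use of `sys_admin`, `sys_rawio`, `dac_override` and the `labeledfs` mount/unmount is not blocked (the domain is unenforced) and also leaves no AVC record. Operations the script needs should be `allow` rules and the rest should stay audited while the domain is permissive; at minimum the line deserves a tracking comment such as `# TODO(b/<bug-id>): drop permissive once the rules below are complete`. Separately, `tmpfs:dir { remove_name rmdir rw_file_perms setattr }` and `vendor_persist_type:dir { rw_file_perms search }` apply a file macro to the `dir` class where `r_dir_perms` or `rw_dir_perms` is the usual form, and the last rule names `convert-to-ext4-sh:capability` where the rule three lines above it uses `self:capability`.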
+++ b/whitechapel_pro/debug_camera_app.te
@@ -0,0 +1,27 @@
+type debug_camera_app, domain, coredomain;
+
+userdebug_or_eng(`
+ app_domain(debug_camera_app)
+ net_domain(debug_camera_app)
+
+ allow debug_camera_app app_api_service:service_manager find;
+ allow debug_camera_app audioserver_service:service_manager find;
+ allow debug_camera_app cameraserver_service:service_manager find;
+ allow debug_camera_app mediaextractor_service:service_manager find;
+ allow debug_camera_app mediametrics_service:service_manager find;
+ allow debug_camera_app mediaserver_service:service_manager find;
+
+ # Allows camera app to access the GXP device.
+ allow debug_camera_app gxp_device:chr_file rw_file_perms;
+
+ # Allows camera app to search for GXP firmware file.
+ allow debug_camera_app vendor_fw_file:dir search;
+
+ # Allows camera app to access the PowerHAL.
+ hal_client_domain(debug_camera_app, hal_power)
+')
+userdebug_or_eng(`
+ # Allows GCA-Eng to find and access the EdgeTPU.
+ allow debug_camera_app edgetpu_app_service:service_manager find;
+ allow debug_camera_app edgetpu_device:chr_file { getattr read write ioctl map };
+')
\ No newline at end of file diff --git a/whitechapel_pro/device.te b/whitechapel_pro/device.te index 6b81f2a..b66248a 100644 --- a/whitechapel_pro/device.te +++ b/whitechapel_pro/device.te @@ -17,7 +17,9 @@ type sensor_direct_heap_device, dmabuf_heap_device_type, dev_type; type faceauth_heap_device, dmabuf_heap_device_type, dev_type; type vframe_heap_device, dmabuf_heap_device_type, dev_type; type vscaler_heap_device, dmabuf_heap_device_type, dev_type; -type battery_history_device, dev_type; +type radio_test_device, dev_type; +type vendor_gnss_device, dev_type; +type fips_block_device, dev_type; # SecureElement SPI device type st54spi_device, dev_type; diff --git a/whitechapel_pro/disable-contaminant-detection-sh.te b/whitechapel_pro/disable-contaminant-detection-sh.te new file mode 100644 index 0000000..95845a1 --- /dev/null +++ b/whitechapel_pro/disable-contaminant-detection-sh.te @@ -0,0 +1,7 @@ +type disable-contaminant-detection-sh, domain; +type disable-contaminant-detection-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(disable-contaminant-detection-sh) + +allow disable-contaminant-detection-sh vendor_toolbox_exec:file execute_no_trans; +allow disable-contaminant-detection-sh sysfs_batteryinfo:dir r_dir_perms; +allow disable-contaminant-detection-sh sysfs_batteryinfo:file rw_file_perms; diff --git a/whitechapel_pro/domain.te b/whitechapel_pro/domain.te index fd876e0..ad32036 100644 --- a/whitechapel_pro/domain.te +++ b/whitechapel_pro/domain.te @@ -1,2 +1,6 @@ allow {domain -appdomain -rs} proc_vendor_sched:dir r_dir_perms; allow {domain -appdomain -rs} proc_vendor_sched:file w_file_perms; + +# Mali +get_prop(domain, vendor_arm_runtime_option_prop) + diff --git a/whitechapel_pro/dump_power_gs201.te b/whitechapel_pro/dump_power_gs201.te new file mode 100644 index 0000000..b61001c --- /dev/null +++ b/whitechapel_pro/dump_power_gs201.te 
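Review bot: debug_camera_app.te closes one `userdebug_or_eng(` block and immediately opens a second one for the EdgeTPU rules, and the file ends without a trailing newline. Moving the EdgeTPU rules into the first block under their existing comment `# Allows GCA-Eng to find and access the EdgeTPU.` and ending the file with a newline keeps the debug-only scope in one place. The type is declared `coredomain` outside the guard while the rules give it vendor device nodes (`gxp_device`, `edgetpu_device`), so a header comment naming which app and signer are expected to land in this domain would help, since that mapping is not part of this file.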
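Review bot: `get_prop(domain, vendor_arm_runtime_option_prop)` in domain.te gives read access to every domain, app domains included, while the two context rules directly above it deliberately exclude `-appdomain -rs`, and the only explanation is `# Mali`. A fuller comment should record why the scope is this wide, for example `# Mali: the GPU driver runs in-process and reads its runtime options from this property` if that is the reason (inferred from the property name, please confirm). The hunk also leaves a blank line at the end of the file.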
@@ -0,0 +1,30 @@ + +pixel_bugreport(dump_power_gs201) +allow dump_power_gs201 sysfs_acpm_stats:dir r_dir_perms; +allow dump_power_gs201 sysfs_acpm_stats:file r_file_perms; +allow dump_power_gs201 sysfs_cpu:file r_file_perms; +allow dump_power_gs201 vendor_toolbox_exec:file execute_no_trans; +allow dump_power_gs201 logbuffer_device:chr_file r_file_perms; +allow dump_power_gs201 mitigation_vendor_data_file:dir r_dir_perms; +allow dump_power_gs201 sysfs:dir r_dir_perms; +allow dump_power_gs201 sysfs_batteryinfo:dir r_dir_perms; +allow dump_power_gs201 sysfs_batteryinfo:file r_file_perms; +allow dump_power_gs201 sysfs_bcl:dir r_dir_perms; +allow dump_power_gs201 sysfs_bcl:file r_file_perms; +allow dump_power_gs201 sysfs_wlc:dir r_dir_perms; +allow dump_power_gs201 sysfs_wlc:file r_file_perms; +allow dump_power_gs201 battery_history_device:chr_file r_file_perms; +allow dump_power_gs201 mitigation_vendor_data_file:file r_file_perms; + +userdebug_or_eng(` + allow dump_power_gs201 debugfs:dir r_dir_perms; + allow dump_power_gs201 vendor_battery_debugfs:dir r_dir_perms; + allow dump_power_gs201 vendor_battery_debugfs:file r_file_perms; + allow dump_power_gs201 vendor_charger_debugfs:dir r_dir_perms; + allow dump_power_gs201 vendor_charger_debugfs:file r_file_perms; + allow dump_power_gs201 vendor_pm_genpd_debugfs:file r_file_perms; + allow dump_power_gs201 vendor_maxfg_debugfs:dir r_dir_perms; + allow dump_power_gs201 vendor_maxfg_debugfs:file r_file_perms; + allow dump_power_gs201 vendor_votable_debugfs:dir r_dir_perms; + allow dump_power_gs201 vendor_votable_debugfs:file r_file_perms; +') diff --git a/whitechapel_pro/dumpstate.te b/whitechapel_pro/dumpstate.te index 8ff4750..eaab9b2 100644 --- a/whitechapel_pro/dumpstate.te +++ b/whitechapel_pro/dumpstate.te @@ -14,4 +14,3 @@ allow dumpstate modem_userdata_file:dir r_dir_perms; allow dumpstate modem_img_file:dir r_dir_perms; allow dumpstate fuse:dir search; -dontaudit dumpstate vendor_dmabuf_debugfs:file r_file_perms; 
diff --git a/whitechapel_pro/e2fs.te b/whitechapel_pro/e2fs.te index a666459..3e72adf 100644 --- a/whitechapel_pro/e2fs.te +++ b/whitechapel_pro/e2fs.te @@ -4,3 +4,5 @@ allow e2fs modem_userdata_block_device:blk_file rw_file_perms; allowxperm e2fs { persist_block_device efs_block_device modem_userdata_block_device }:blk_file ioctl { BLKSECDISCARD BLKDISCARD BLKPBSZGET BLKDISCARDZEROES BLKROGET }; +allow e2fs sysfs_scsi_devices_0000:dir r_dir_perms; +allow e2fs sysfs_scsi_devices_0000:file r_file_perms; diff --git a/whitechapel_pro/euiccpixel_app.te b/whitechapel_pro/euiccpixel_app.te index a59581e..303f8f3 100644 --- a/whitechapel_pro/euiccpixel_app.te +++ b/whitechapel_pro/euiccpixel_app.te @@ -6,6 +6,8 @@ app_domain(euiccpixel_app) allow euiccpixel_app app_api_service:service_manager find; allow euiccpixel_app radio_service:service_manager find; allow euiccpixel_app nfc_service:service_manager find; +allow euiccpixel_app sysfs_st33spi:dir search; +allow euiccpixel_app sysfs_st33spi:file rw_file_perms; set_prop(euiccpixel_app, vendor_secure_element_prop) set_prop(euiccpixel_app, vendor_modem_prop) diff --git a/whitechapel_pro/fastbootd.te b/whitechapel_pro/fastbootd.te index 0d215a8..e7909d2 100644 --- a/whitechapel_pro/fastbootd.te +++ b/whitechapel_pro/fastbootd.te @@ -3,5 +3,5 @@ recovery_only(` allow fastbootd devinfo_block_device:blk_file rw_file_perms; allow fastbootd sda_block_device:blk_file rw_file_perms; allow fastbootd sysfs_ota:file rw_file_perms; -allow fastbootd citadel_device:chr_file rw_file_perms; +allow fastbootd st54spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel_pro/file.te b/whitechapel_pro/file.te index d986a56..4a23260 100644 --- a/whitechapel_pro/file.te +++ b/whitechapel_pro/file.te 
@@ -4,52 +4,46 @@ type vendor_log_file, file_type, data_file_type; type vendor_rfsd_log_file, file_type, data_file_type; type modem_stat_data_file, file_type, data_file_type; type vendor_slog_file, file_type, data_file_type; -type radio_vendor_data_file, file_type, data_file_type; type updated_wifi_firmware_data_file, file_type, data_file_type; -type tcpdump_vendor_data_file, file_type, data_file_type; -type vendor_camera_data_file, file_type, data_file_type; type vendor_media_data_file, file_type, data_file_type; type vendor_misc_data_file, file_type, data_file_type; +type sensor_debug_data_file, file_type, data_file_type; type sensor_reg_data_file, file_type, data_file_type; type per_boot_file, file_type, data_file_type, core_data_file_type; type uwb_vendor_data_file, file_type, data_file_type, app_data_file_type; type uwb_data_vendor, file_type, data_file_type; type powerstats_vendor_data_file, file_type, data_file_type; +type vendor_gps_file, file_type, data_file_type; userdebug_or_eng(` - typeattribute tcpdump_vendor_data_file mlstrustedobject; + typeattribute vendor_gps_file mlstrustedobject; typeattribute vendor_slog_file mlstrustedobject; - typeattribute radio_vendor_data_file mlstrustedobject; ') # Exynos Firmware type vendor_fw_file, vendor_file_type, file_type; +# Trusty +type sysfs_trusty, sysfs_type, fs_type; + +# EM Profile +type sysfs_em_profile, sysfs_type, fs_type; + # sysfs type sysfs_chosen, sysfs_type, fs_type; type sysfs_ota, sysfs_type, fs_type; type bootdevice_sysdev, dev_type; -type sysfs_display, sysfs_type, fs_type; -type sysfs_scsi_devices_0000, sysfs_type, fs_type; type sysfs_fabric, sysfs_type, fs_type; type sysfs_acpm_stats, sysfs_type, fs_type; type sysfs_wifi, sysfs_type, fs_type; -type sysfs_exynos_bts, sysfs_type, fs_type; -type sysfs_exynos_bts_stats, sysfs_type, fs_type; -type sysfs_bcl, sysfs_type, fs_type; -type sysfs_chip_id, sysfs_type, fs_type; -type sysfs_touch, sysfs_type, fs_type; +type sysfs_exynos_pcie_stats, 
sysfs_type, fs_type; type sysfs_bcmdhd, sysfs_type, fs_type; -type sysfs_wlc, sysfs_type, fs_type; type sysfs_chargelevel, sysfs_type, fs_type; type sysfs_mfc, sysfs_type, fs_type; -type sysfs_cpu, sysfs_type, fs_type; -type sysfs_odpm, sysfs_type, fs_type; -type sysfs_soc, sysfs_type, fs_type; type sysfs_camera, sysfs_type, fs_type; type sysfs_write_leds, sysfs_type, fs_type; - +type sysfs_pca, sysfs_type, fs_type; +type sysfs_ptracker, sysfs_type, fs_type; # debugfs -type debugfs_f2fs, debugfs_type, fs_type; type vendor_maxfg_debugfs, fs_type, debugfs_type; type vendor_pm_genpd_debugfs, fs_type, debugfs_type; type vendor_regmap_debugfs, fs_type, debugfs_type; @@ -57,9 +51,6 @@ type vendor_usb_debugfs, fs_type, debugfs_type; type vendor_charger_debugfs, fs_type, debugfs_type; type vendor_votable_debugfs, fs_type, debugfs_type; type vendor_battery_debugfs, fs_type, debugfs_type; -type vendor_dmabuf_debugfs, fs_type, debugfs_type; -type vendor_dri_debugfs, fs_type, debugfs_type; -type vendor_page_pinner_debugfs, fs_type, debugfs_type; # vendor extra images type modem_img_file, contextmount_type, file_type, vendor_file_type; @@ -81,22 +72,16 @@ type chre_socket, file_type; type proc_f2fs, proc_type, fs_type; # Vendor tools -type vendor_usf_stats, vendor_file_type, file_type; -type vendor_usf_reg_edit, vendor_file_type, file_type; type vendor_dumpsys, vendor_file_type, file_type; # Modem type modem_efs_file, file_type; type modem_userdata_file, file_type; +type sysfs_modem, sysfs_type, fs_type; # SecureElement type sysfs_st33spi, sysfs_type, fs_type; - -# USB-C throttling stats -type sysfs_usbc_throttling_stats, sysfs_type, fs_type; - -# Touch -type proc_touch, proc_type, fs_type; +typeattribute sysfs_st33spi mlstrustedobject; # Vendor sched files userdebug_or_eng(` 
@@ -108,3 +93,9 @@ type sysfs_sjtag, fs_type, sysfs_type; userdebug_or_eng(` typeattribute sysfs_sjtag mlstrustedobject; ') + +# USB-C throttling stats +type sysfs_usbc_throttling_stats, sysfs_type, fs_type; + +# WLC +type sysfs_wlc, sysfs_type, fs_type; diff --git a/whitechapel_pro/file_contexts b/whitechapel_pro/file_contexts index ae1d4f2..c4f5b09 100644 --- a/whitechapel_pro/file_contexts +++ b/whitechapel_pro/file_contexts 
@@ -11,20 +11,19 @@ /vendor/bin/storageproxyd u:object_r:tee_exec:s0 /vendor/bin/init\.radio\.sh u:object_r:init_radio_exec:s0 /vendor/bin/tcpdump_logger u:object_r:tcpdump_logger_exec:s0 -/vendor/bin/init\.insmod\.sh u:object_r:init-insmod-sh_exec:s0 +/vendor/bin/init\.display\.sh u:object_r:init-display-sh_exec:s0 /vendor/bin/trusty_apploader u:object_r:trusty_apploader_exec:s0 /vendor/bin/trusty_metricsd u:object_r:trusty_metricsd_exec:s0 -/vendor/bin/usf_stats u:object_r:vendor_usf_stats:s0 -/vendor/bin/usf_reg_edit u:object_r:vendor_usf_reg_edit:s0 /vendor/bin/dumpsys u:object_r:vendor_dumpsys:s0 /vendor/bin/init\.uwb\.calib\.sh u:object_r:vendor_uwb_init_exec:s0 /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 +/vendor/bin/hw/android\.hardware\.gatekeeper-service\.trusty u:object_r:hal_gatekeeper_default_exec:s0 /vendor/bin/hw/android\.hardware\.security\.keymint-service\.trusty u:object_r:hal_keymint_default_exec:s0 +/vendor/bin/hw/android\.hardware\.security\.keymint-service\.rust\.trusty u:object_r:hal_keymint_default_exec:s0 /vendor/bin/hw/vendor\.google\.radioext@1\.0-service u:object_r:hal_radioext_default_exec:s0 /vendor/bin/hw/android\.hardware\.contexthub-service\.generic u:object_r:hal_contexthub_default_exec:s0 /vendor/bin/hw/android\.hardware\.boot@1\.2-service-gs201 u:object_r:hal_bootctl_default_exec:s0 /vendor/bin/hw/android\.hardware\.composer\.hwc3-service\.pixel u:object_r:hal_graphics_composer_default_exec:s0 -/vendor/bin/hw/android\.hardware\.dumpstate@1\.1-service\.gs201 u:object_r:hal_dumpstate_default_exec:s0 /vendor/bin/hw/samsung\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_samsung_exec:s0 /vendor/bin/hw/google\.hardware\.media\.c2@1\.0-service u:object_r:mediacodec_google_exec:s0 /vendor/bin/hw/android\.hardware\.secure_element@1\.2-service-gto u:object_r:hal_secure_element_st54spi_exec:s0 
@@ -32,18 +31,23 @@ /vendor/bin/hw/android\.hardware\.secure_element@1\.2-uicc-service u:object_r:hal_secure_element_uicc_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 /vendor/bin/hw/android\.hardware\.biometrics\.fingerprint-service\.goodix u:object_r:hal_fingerprint_default_exec:s0 -/vendor/bin/hw/android\.hardware\.nfc@1\.2-service\.st u:object_r:hal_nfc_default_exec:s0 +/vendor/bin/hw/android\.hardware\.nfc-service\.st u:object_r:hal_nfc_default_exec:s0 /vendor/bin/hw/vendor\.google\.wireless_charger@1\.3-service-vendor u:object_r:hal_wlc_exec:s0 /vendor/bin/hw/android\.hardware\.usb-service u:object_r:hal_usb_impl_exec:s0 /vendor/bin/hw/android\.hardware\.usb\.gadget-service u:object_r:hal_usb_gadget_impl_exec:s0 +/vendor/bin/hw/android\.hardware\.gxp\.logging@service-gxp-logging u:object_r:gxp_logging_exec:s0 /vendor/bin/hw/rild_exynos u:object_r:rild_exec:s0 /vendor/bin/hw/android\.hardware\.qorvo\.uwb\.service u:object_r:hal_uwb_vendor_default_exec:s0 /vendor/bin/rlsservice u:object_r:rlsservice_exec:s0 +/vendor/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.fpc u:object_r:fingerprint_factory_service_exec:s0 +/vendor/bin/hw/android\.hardware\.memtrack-service\.pixel u:object_r:hal_memtrack_default_exec:s0 +/system_ext/bin/convert_to_ext4\.sh u:object_r:convert-to-ext4-sh_exec:s0 +/vendor/bin/hw/disable_contaminant_detection\.sh u:object_r:disable-contaminant-detection-sh_exec:s0 +/vendor/bin/dump/dump_power_gs201\.sh u:object_r:dump_power_gs201_exec:s0 +/vendor/bin/ufs_firmware_update\.sh u:object_r:ufs_firmware_update_exec:s0 # Vendor Firmwares /vendor/firmware(/.*)? u:object_r:vendor_fw_file:s0 -/vendor/firmware/mali_csffw\.bin u:object_r:same_process_hal_file:s0 -/vendor/firmware/gxp_fw_core[0-3] u:object_r:same_process_hal_file:s0 # Vendor libraries /vendor/lib(64)?/libdrm\.so u:object_r:same_process_hal_file:s0 
@@ -56,19 +60,16 @@ /vendor/lib(64)?/pixel-power-ext-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/android\.frameworks\.stats-V1-ndk\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/vendor-pixelatoms-cpp\.so u:object_r:same_process_hal_file:s0 -/vendor/lib(64)?/libprotobuf-cpp-lite-3\.9\.1\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/libprotobuf-cpp-lite-(\d+\.){2,3}so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libgxp\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/gxp_metrics_logger\.so u:object_r:same_process_hal_file:s0 # Graphics /vendor/lib(64)?/hw/gralloc\.gs201\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/vulkan\.mali\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/libgpudataproducer\.so u:object_r:same_process_hal_file:s0 -# Vendor kernel modules -/vendor_dlkm/lib/modules/.*\.ko u:object_r:vendor_kernel_modules:s0 - # Devices -/dev/trusty-log0 u:object_r:logbuffer_device:s0 /dev/dma_heap/sensor_direct_heap u:object_r:sensor_direct_heap_device:s0 /dev/ttySAC0 u:object_r:tty_device:s0 /dev/dma_heap/faceauth_tpu-secure u:object_r:faceauth_heap_device:s0 @@ -79,12 +80,14 @@ /dev/dma_heap/vframe-secure u:object_r:dmabuf_system_secure_heap_device:s0 /dev/dma_heap/vscaler-secure u:object_r:vscaler_heap_device:s0 /dev/dma_heap/vstream-secure u:object_r:dmabuf_system_secure_heap_device:s0 +/dev/janeiro u:object_r:edgetpu_device:s0 /dev/bigocean u:object_r:video_device:s0 /dev/goodix_fp u:object_r:fingerprint_device:s0 /dev/stmvl53l1_ranging u:object_r:rls_device:s0 /dev/watchdog0 u:object_r:watchdog_device:s0 /dev/mali0 u:object_r:gpu_device:s0 /dev/logbuffer_usbpd u:object_r:logbuffer_device:s0 +/dev/logbuffer_pogo_transport u:object_r:logbuffer_device:s0 /dev/logbuffer_ssoc u:object_r:logbuffer_device:s0 /dev/logbuffer_wireless u:object_r:logbuffer_device:s0 /dev/logbuffer_ttf u:object_r:logbuffer_device:s0 
@@ -99,6 +102,9 @@ /dev/logbuffer_maxfg_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_base_monitor u:object_r:logbuffer_device:s0 /dev/logbuffer_maxfg_flip_monitor u:object_r:logbuffer_device:s0 +/dev/logbuffer_bd u:object_r:logbuffer_device:s0 +/dev/logbuffer_pcie0 u:object_r:logbuffer_device:s0 +/dev/logbuffer_pcie1 u:object_r:logbuffer_device:s0 /dev/bbd_pwrstat u:object_r:power_stats_device:s0 /dev/lwis-act-jotnar u:object_r:lwis_device:s0 /dev/lwis-act-slenderman u:object_r:lwis_device:s0 @@ -144,6 +150,7 @@ /dev/st33spi u:object_r:st33spi_device:s0 /dev/ttyGS[0-3] u:object_r:serial_device:s0 /dev/oem_ipc[0-7] u:object_r:radio_device:s0 +/dev/oem_test u:object_r:radio_test_device:s0 /dev/umts_boot0 u:object_r:radio_device:s0 /dev/umts_ipc0 u:object_r:radio_device:s0 /dev/umts_ipc1 u:object_r:radio_device:s0 @@ -161,7 +168,6 @@ /dev/block/platform/14700000\.ufs/by-name/boot_[ab] u:object_r:boot_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/init_boot_[ab] u:object_r:boot_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/devinfo u:object_r:devinfo_block_device:s0 -/dev/block/platform/14700000\.ufs/by-name/dpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/dram_train_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/efs u:object_r:efs_block_device:s0 
@@ -185,10 +191,10 @@ /dev/block/platform/14700000\.ufs/by-name/vbmeta_vendor_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/vendor_boot_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/14700000\.ufs/by-name/vendor_kernel_boot_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/14700000\.ufs/by-name/fips u:object_r:fips_block_device:s0 # Data /data/vendor/slog(/.*)? u:object_r:vendor_slog_file:s0 -/data/vendor/radio(/.*)? u:object_r:radio_vendor_data_file:s0 /data/vendor/modem_stat(/.*)? u:object_r:modem_stat_data_file:s0 /data/vendor/log(/.*)? u:object_r:vendor_log_file:s0 /data/vendor/log/rfsd(/.*)? u:object_r:vendor_rfsd_log_file:s0 @@ -196,13 +202,13 @@ /data/vendor/ss(/.*)? u:object_r:tee_data_file:s0 /data/nfc(/.*)? u:object_r:nfc_data_file:s0 /data/vendor/firmware/wifi(/.*)? u:object_r:updated_wifi_firmware_data_file:s0 -/data/vendor/tcpdump_logger(/.*)? u:object_r:tcpdump_vendor_data_file:s0 -/data/vendor/camera(/.*)? u:object_r:vendor_camera_data_file:s0 /data/vendor/media(/.*)? u:object_r:vendor_media_data_file:s0 /data/vendor/misc(/.*)? u:object_r:vendor_misc_data_file:s0 /data/per_boot(/.*)? u:object_r:per_boot_file:s0 +/data/vendor/sensors/debug(/.*)? u:object_r:sensor_debug_data_file:s0 /data/vendor/sensors/registry(/.*)? u:object_r:sensor_reg_data_file:s0 /data/vendor/uwb(/.*)? u:object_r:uwb_data_vendor:s0 +/dev/maxfg_history u:object_r:battery_history_device:s0 /dev/battery_history u:object_r:battery_history_device:s0 /data/vendor/powerstats(/.*)? u:object_r:powerstats_vendor_data_file:s0 diff --git a/whitechapel_pro/fingerprint_factory_service.te b/whitechapel_pro/fingerprint_factory_service.te new file mode 100644 index 0000000..86ab35c --- /dev/null +++ b/whitechapel_pro/fingerprint_factory_service.te 
@@ -0,0 +1,3 @@
+type fingerprint_factory_service, service_manager_type;
+type fingerprint_factory_service_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(fingerprint_factory_service)
diff --git a/whitechapel_pro/fsck.te b/whitechapel_pro/fsck.te
index d29555b..cb9470d 100644
--- a/whitechapel_pro/fsck.te
+++ b/whitechapel_pro/fsck.te
@@ -1,3 +1,5 @@
 allow fsck persist_block_device:blk_file rw_file_perms;
 allow fsck efs_block_device:blk_file rw_file_perms;
 allow fsck modem_userdata_block_device:blk_file rw_file_perms;
+allow fsck sysfs_scsi_devices_0000:dir r_dir_perms;
+allow fsck sysfs_scsi_devices_0000:file r_file_perms;
diff --git a/whitechapel_pro/genfs_contexts b/whitechapel_pro/genfs_contexts
index 56cbee6..57f0237 100644
--- a/whitechapel_pro/genfs_contexts
+++ b/whitechapel_pro/genfs_contexts
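Review bot: `fingerprint_factory_service` is declared with only `service_manager_type` but is then used as a process domain by `init_daemon_domain(fingerprint_factory_service)`. Unless the `domain` attribute is attached in a file not shown here, the daemon runs in a type that rules and neverallow checks written against `domain` do not cover. Declaring the process type as `type fingerprint_factory_service, domain;` and giving any binder service it registers a separate `_service` type would keep the two roles apart. A one-line comment saying this is the factory-test fingerprint HAL (inferred from the file_contexts entry for the `.fpc` service binary) would also help.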
@@ -1,42 +1,24 @@ -# Exynos -genfscon sysfs /devices/platform/exynos-bts u:object_r:sysfs_exynos_bts:s0 -genfscon sysfs /devices/platform/exynos-bts/bts_stats u:object_r:sysfs_exynos_bts_stats:s0 - genfscon sysfs /firmware/devicetree/base/chosen u:object_r:sysfs_chosen:s0 -genfscon sysfs /devices/virtual/pmic/mitigation u:object_r:sysfs_bcl:s0 -genfscon sysfs /devices/system/chip-id/ap_hw_tune_str u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/evt_ver u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/lot_id u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/product_id u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/revision u:object_r:sysfs_chip_id:s0 -genfscon sysfs /devices/system/chip-id/raw_str u:object_r:sysfs_chip_id:s0 + +# EdgeTPU +genfscon sysfs /devices/platform/1ce00000.janeiro u:object_r:sysfs_edgetpu:s0 # CPU -genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/cpupm/cpupm/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_int/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000040.devfreq_disp/devfreq/17000040.devfreq_disp/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000050.devfreq_cam/devfreq/17000050.devfreq_cam/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000070.devfreq_mfc/devfreq/17000070.devfreq_mfc/time_in_state u:object_r:sysfs_cpu:s0 -genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo/time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs 
/devices/platform/28000000.mali/time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs /devices/platform/28000000.mali/uid_time_in_state u:object_r:sysfs_cpu:s0 genfscon sysfs /devices/soc0/machine u:object_r:sysfs_soc:s0 genfscon sysfs /devices/soc0/revision u:object_r:sysfs_soc:s0 -# Touch -genfscon sysfs /devices/platform/10d10000.spi/spi_master/spi0/spi0.0/synaptics_tcm.0/sysfs u:object_r:sysfs_touch:s0 -genfscon sysfs /devices/virtual/sec/tsp u:object_r:sysfs_touch:s0 -genfscon proc /focaltech_touch u:object_r:proc_touch:s0 - # tracefs genfscon tracefs /events/dmabuf_heap/dma_heap_stat u:object_r:debugfs_tracing:s0 +# Networking +genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/ieee802154/phy0/net u:object_r:sysfs_net:s0 + # WiFi genfscon sysfs /wifi u:object_r:sysfs_wifi:s0 +genfscon sysfs /wlan_ptracker u:object_r:sysfs_ptracker:s0 # ACPM genfscon sysfs /devices/platform/acpm_stats u:object_r:sysfs_acpm_stats:s0 @@ -47,6 +29,10 @@ genfscon sysfs /module/bcmdhd4389 u # GPU genfscon sysfs /devices/platform/28000000.mali/hint_min_freq u:object_r:sysfs_gpu:s0 genfscon sysfs /devices/platform/28000000.mali/power_policy u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/dma_buf_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/total_gpu_mem u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/kprcs u:object_r:sysfs_gpu:s0 +genfscon sysfs /devices/platform/28000000.mali/dvfs_period u:object_r:sysfs_gpu:s0 # Fabric genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/min_freq u:object_r:sysfs_fabric:s0 
@@ -54,11 +40,12 @@ genfscon sysfs /devices/platform/17000020.devfreq_int/devfreq/17000020.devfreq_i genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/interactive/target_load u:object_r:sysfs_fabric:s0 # sscoredump (per device) -genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 -genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/aoc/sscoredump/sscd_aoc/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/bigocean/sscoredump/sscd_bigocean/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/debugcore/sscoredump/sscd_debugcore/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/mfc-core/sscoredump/sscd_mfc-core/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/wlan/sscoredump/sscd_wlan/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 +genfscon sysfs /devices/platform/mali/sscoredump/sscd_mali/report_count u:object_r:sysfs_sscoredump_subsystem_report_count:s0 # Power Stats genfscon sysfs /devices/platform/cpif/modem/power_stats u:object_r:sysfs_power_stats:s0 
@@ -73,32 +60,49 @@ genfscon sysfs /devices/platform/10970000.hsi2c/i2c-7/i2c-st21nfc/power_stats genfscon sysfs /devices/platform/10970000.hsi2c/i2c-8/i2c-st21nfc/power_stats u:object_r:sysfs_power_stats:s0 genfscon sysfs /devices/platform/10db0000.spi/spi_master/spi16/spi16.0/uwb/power_stats u:object_r:sysfs_power_stats:s0 +# Modem +genfscon sysfs /devices/platform/cp-tm1/cp_temp u:object_r:sysfs_modem:s0 + # Power ODPM -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs 
/devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 - -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device0/enabled_rails u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/name u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/energy_value u:object_r:sysfs_odpm:s0 -genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/sampling_rate u:object_r:sysfs_odpm:s0 -genfscon sysfs 
/devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device1/enabled_rails u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-0/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-1/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-2/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-3/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@18100000/i2c-4/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-5/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-6/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-8/i2c-s2mpg12mfd/s2mpg12-meter/s2mpg12-odpm/wakeup u:object_r:sysfs_wakeup:s0 + +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs 
/devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/iio:device u:object_r:sysfs_odpm:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-0/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-1/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-2/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-3/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-4/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-5/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-6/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-7/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-8/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/acpm_mfd_bus@18110000/i2c-9/i2c-s2mpg13mfd/s2mpg13-meter/s2mpg13-odpm/wakeup u:object_r:sysfs_wakeup:s0 # Devfreq current frequency genfscon sysfs /devices/platform/17000010.devfreq_mif/devfreq/17000010.devfreq_mif/cur_freq u:object_r:sysfs_devfreq_cur:s0 
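Review bot: The new ODPM entries label the path prefix `.../s2mpg12-odpm/iio:device` (and the s2mpg13 equivalent) rather than the four named attributes (`name`, `energy_value`, `sampling_rate`, `enabled_rails`) that the removed lines listed. Because genfscon matches by path prefix, every node under any `iio:deviceN` directory on those buses now becomes `sysfs_odpm`, including attributes that previously kept the default sysfs label. The allow rules on `sysfs_odpm` are not visible here, so it is worth checking which domains hold write access to that type before accepting the wider match. The bus ranges are also uneven: s2mpg12 is listed for `i2c-0` to `i2c-8`, while s2mpg13 runs to `i2c-9`, for both the `iio:device` and the `wakeup` entries. If the prefix form is meant to survive renumbering, a comment such as `# prefix match: covers every iio:deviceN under the meter` above the block would record that.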
@@ -113,6 +117,10 @@ genfscon sysfs /devices/platform/17000080.devfreq_bo/devfreq/17000080.devfreq_bo # OTA genfscon sysfs /devices/platform/14700000.ufs/pixel/boot_lun_enabled u:object_r:sysfs_ota:s0 +# Input +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2/2-1 u:object_r:sysfs_uhid:s0 + # Display genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/gamma u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/min_vrefresh u:object_r:sysfs_display:s0 
@@ -123,14 +131,21 @@ genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/osc2_clk_kh genfscon sysfs /devices/platform/1c2c0000.drmdsim/hs_clock u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c240000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c242000.drmdecon/early_wakeup u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c240000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c241000.drmdecon/counters u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c242000.drmdecon/counters u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2c0000.drmdsim/1c2c0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/backlight u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_extinfo u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/panel_name u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/serial_number u:object_r:sysfs_display:s0 +genfscon sysfs /devices/platform/1c2d0000.drmdsim/1c2d0000.drmdsim.0/refresh_rate u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c240000.drmdecon/dqe0/atc u:object_r:sysfs_display:s0 genfscon sysfs /devices/platform/1c241000.drmdecon/dqe1/atc u:object_r:sysfs_display:s0 
@@ -162,48 +177,46 @@ genfscon sysfs /devices/platform/14700000.ufs/health_descriptor u:object genfscon sysfs /devices/platform/14700000.ufs/host0/target0:0:0/0:0:0: u:object_r:sysfs_scsi_devices_0000:s0 genfscon sysfs /devices/platform/14700000.ufs/ufs_stats u:object_r:sysfs_scsi_devices_0000:s0 genfscon sysfs /devices/platform/14700000.ufs/attributes/wb_avail_buf u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/14700000.ufs/vendor u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/14700000.ufs/model u:object_r:sysfs_scsi_devices_0000:s0 +genfscon sysfs /devices/platform/14700000.ufs/rev u:object_r:sysfs_scsi_devices_0000:s0 # debugfs -genfscon debugfs /f2fs u:object_r:debugfs_f2fs:s0 genfscon debugfs /maxfg u:object_r:vendor_maxfg_debugfs:s0 -genfscon debugfs /dma_buf/bufinfo u:object_r:vendor_dmabuf_debugfs:s0 +genfscon debugfs /maxfg_base u:object_r:vendor_maxfg_debugfs:s0 +genfscon debugfs /maxfg_secondary u:object_r:vendor_maxfg_debugfs:s0 genfscon debugfs /pm_genpd/pm_genpd_summary u:object_r:vendor_pm_genpd_debugfs:s0 genfscon debugfs /regmap u:object_r:vendor_regmap_debugfs:s0 genfscon debugfs /usb u:object_r:vendor_usb_debugfs:s0 genfscon debugfs /google_charger u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77759_chg u:object_r:vendor_charger_debugfs:s0 +genfscon debugfs /max77729_pmic u:object_r:vendor_charger_debugfs:s0 genfscon debugfs /gvotables u:object_r:vendor_votable_debugfs:s0 genfscon debugfs /google_battery u:object_r:vendor_battery_debugfs:s0 -genfscon debugfs /dri/0/crtc- u:object_r:vendor_dri_debugfs:s0 -genfscon debugfs /page_pinner u:object_r:vendor_page_pinner_debugfs:s0 # Battery genfscon sysfs /devices/platform/google,battery/power_supply/battery u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,cpm u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/google,charger u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c 
u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0 # P22 battery genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/2-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-2/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/3-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-3/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/4-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-4/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/5-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-5/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/6-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-6/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/7-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs 
/devices/platform/10da0000.hsi2c/i2c-8/8-0050/eeprom u:object_r:sysfs_batteryinfo:s0 -genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412 u:object_r:sysfs_wlc:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-9/9-0050/eeprom u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0069/power_supply u:object_r:sysfs_batteryinfo:s0 @@ -211,6 +224,13 @@ genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0069/power_supply genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0069/power_supply u:object_r:sysfs_batteryinfo:s0 genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0069/power_supply u:object_r:sysfs_batteryinfo:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/2-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-3/3-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-4/4-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-5/5-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-6/6-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-7/7-0057/chg_stats u:object_r:sysfs_pca:s0 +genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-8/8-0057/chg_stats u:object_r:sysfs_pca:s0 # Extcon genfscon sysfs /devices/platform/10d60000.hsi2c/i2c-2/i2c-max77759tcpc/extcon u:object_r:sysfs_extcon:s0 
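Review bot: In the hunk at `@@ -162,48 +177,46 @@`, the new `genfscon sysfs /devices/pseudo_0/adapter0/host1/target1:0:0/1:0:0:0/block/sde u:object_r:sysfs_devices_block:s0` line sits inside the `# Battery` group, directly after the `10d60000.hsi2c` entry, although it labels a block device. A reader auditing the battery labels will not expect a storage node there, and one looking for block-device labels will not find it. Moving it next to the `14700000.ufs` entries, or giving it its own heading such as `# Storage`, would keep the file's grouping reliable.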
@@ -302,9 +322,22 @@ genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-7/i2c-p9412/wakeup genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/power_supply/wireless/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/10da0000.hsi2c/i2c-8/i2c-p9412/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb2 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.4.auto/usb3 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb2 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.5.auto/usb3 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb2 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/11210000.dwc3/xhci-hcd-exynos.6.auto/usb3 u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/11210000.usb/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/14520000.pcie/pci0001:00/0001:00:00.0/0001:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/14520000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/com.google.usf/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/19000000.aoc/com.google.usf.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs 
/devices/platform/19000000.aoc/com.google.chre/wakeup u:object_r:sysfs_wakeup:s0 +genfscon sysfs /devices/platform/19000000.aoc/com.google.chre.non_wake_up/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/19000000.aoc/usb_control/wakeup u:object_r:sysfs_wakeup:s0 genfscon sysfs /devices/platform/acpm_mfd_bus@18100000/i2c-7/i2c-s2mpg12mfd/s2mpg12-power-keys/wakeup u:object_r:sysfs_wakeup:s0 
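Review bot: The added `xhci-hcd-exynos.N.auto/usb2` and `/usb3` entries label whole root-hub subtrees as `sysfs_wakeup`, not only their `wakeup` directories. With prefix matching, every attribute of the hubs and of any device enumerated below them gets `sysfs_wakeup`, so domains allowed to read wakeup statistics can read USB device attributes as well. The hunk at `@@ -113,6 +117,10 @@` labels `usb2/2-1` as `sysfs_uhid` for `.4.auto` and `.5.auto` only, so on `.6.auto` that port would presumably stay `sysfs_wakeup`. If only wakeup sources are meant, paths ending in `/wakeup` would match the surrounding entries; otherwise a comment stating that the broad label is intentional would help.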
@@ -338,26 +371,26 @@ genfscon sysfs /devices/platform/100b0000.G3D u:obje genfscon sysfs /devices/platform/100b0000.TPU u:object_r:sysfs_thermal:s0 genfscon sysfs /devices/platform/100b0000.AUR u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_state u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_reg_dump_current_temp u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_top_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_rise_thres u:object_r:sysfs_thermal:s0 -genfscon sysfs /module/gs_thermal/parameters/tmu_sub_reg_dump_fall_thres u:object_r:sysfs_thermal:s0 +genfscon sysfs /thermal_zone14/mode u:object_r:sysfs_thermal:s0 + +# PCIe link +genfscon sysfs /devices/platform/14520000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0 +genfscon sysfs /devices/platform/11920000.pcie/link_stats u:object_r:sysfs_exynos_pcie_stats:s0 # Camera genfscon sysfs /devices/platform/17000030.devfreq_intcam/devfreq/17000030.devfreq_intcam/min_freq u:object_r:sysfs_camera:s0 +genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/max_freq u:object_r:sysfs_camera:s0 genfscon sysfs /devices/platform/17000060.devfreq_tnr/devfreq/17000060.devfreq_tnr/min_freq u:object_r:sysfs_camera:s0 +# SJTAG +genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 +genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0 + # USB-C throttling stats genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/cleared_time u:object_r:sysfs_usbc_throttling_stats:s0 genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/hysteresis_time u:object_r:sysfs_usbc_throttling_stats:s0 genfscon sysfs /devices/platform/google,usbc_port_cooling_dev/trip_time 
u:object_r:sysfs_usbc_throttling_stats:s0 -# SJTAG -genfscon sysfs /devices/platform/sjtag_ap/interface u:object_r:sysfs_sjtag:s0 -genfscon sysfs /devices/platform/sjtag_gsa/interface u:object_r:sysfs_sjtag:s0 - # Coresight ETM genfscon sysfs /devices/platform/2b840000.etm u:object_r:sysfs_devices_cs_etm:s0 genfscon sysfs /devices/platform/2b940000.etm u:object_r:sysfs_devices_cs_etm:s0 
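Review bot: `genfscon sysfs /thermal_zone14/mode` has no `/devices/...` prefix, unlike the `100b0000.*` thermal entries in the context lines above it, and it pins a numbered thermal zone. genfscon paths are relative to the sysfs root, so it is worth confirming that this path matches the node it is meant to label. Thermal zone numbers usually follow registration order, so the index may point at a different zone after a kernel or device-tree change. A comment naming the zone, e.g. `# thermal_zone14 = <zone name>`, would let a reader verify the entry.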
@@ -367,3 +400,35 @@ genfscon sysfs /devices/platform/2bc40000.etm u:object_r:sysfs_devices_cs_etm genfscon sysfs /devices/platform/2bd40000.etm u:object_r:sysfs_devices_cs_etm:s0 genfscon sysfs /devices/platform/2be40000.etm u:object_r:sysfs_devices_cs_etm:s0 genfscon sysfs /devices/platform/2bf40000.etm u:object_r:sysfs_devices_cs_etm:s0 + +# Trusty +genfscon sysfs /module/trusty_virtio/parameters/use_high_wq u:object_r:sysfs_trusty:s0 +genfscon sysfs /module/trusty_core/parameters/use_high_wq u:object_r:sysfs_trusty:s0 + +# EM Profile +genfscon sysfs /kernel/pixel_em/active_profile u:object_r:sysfs_em_profile:s0 + +# Privacy LED +genfscon sysfs /devices/platform/pwmleds/leds/green/brightness u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/pwmleds/leds/green/max_brightness u:object_r:sysfs_leds:s0 + +# AOC +genfscon sysfs /devices/platform/19000000.aoc/aoc_clock_and_kernel_boottime u:object_r:sysfs_aoc_boottime:s0 +genfscon sysfs /devices/platform/19000000.aoc/firmware u:object_r:sysfs_aoc_firmware:s0 +genfscon sysfs /devices/platform/19000000.aoc u:object_r:sysfs_aoc:s0 +genfscon sysfs /devices/platform/19000000.aoc/reset u:object_r:sysfs_aoc_reset:s0 +genfscon sysfs /devices/platform/19000000.aoc/services u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/restart_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/coredump_count u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/ring_buffer_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/host_ipc_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/usf_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/audio_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/logging_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs 
/devices/platform/19000000.aoc/control/hotword_wakeup u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_exception u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_a32 u:object_r:sysfs_aoc_dumpstate:s0 +genfscon sysfs /devices/platform/19000000.aoc/control/memory_votes_ff1 u:object_r:sysfs_aoc_dumpstate:s0 + +# GPS +genfscon sysfs /devices/platform/10940000.spi/spi_master/spi5/spi5.0/nstandby u:object_r:sysfs_gps:s0 diff --git a/whitechapel_pro/google_camera_app.te b/whitechapel_pro/google_camera_app.te index ad09781..d73cd3d 100644 --- a/whitechapel_pro/google_camera_app.te +++ b/whitechapel_pro/google_camera_app.te @@ -1,5 +1,6 @@ type google_camera_app, domain, coredomain; app_domain(google_camera_app) +net_domain(google_camera_app) allow google_camera_app app_api_service:service_manager find; allow google_camera_app audioserver_service:service_manager find; @@ -13,3 +14,13 @@ allow google_camera_app gxp_device:chr_file rw_file_perms; # Allows camera app to search for GXP firmware file. allow google_camera_app vendor_fw_file:dir search; + +# Allows camera app to access the PowerHAL. +hal_client_domain(google_camera_app, hal_power) + +# Allows GCA to find and access the EdgeTPU. +allow google_camera_app edgetpu_app_service:service_manager find; +allow google_camera_app edgetpu_device:chr_file { getattr read write ioctl map }; + +# Library code may try to access vendor properties, but should be denied +dontaudit google_camera_app vendor_default_prop:file { getattr map open }; diff --git a/whitechapel_pro/gpsd.te b/whitechapel_pro/gpsd.te new file mode 100644 index 0000000..79055ec --- /dev/null +++ b/whitechapel_pro/gpsd.te 
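Review bot: `net_domain(google_camera_app)` is added at the top of google_camera_app.te with no comment, while each grant added in the file's second hunk carries one. The domain is declared `coredomain` and, per the context lines, already holds `rw_file_perms` on `gxp_device`, so network access is a notable widening that a later audit will want explained. A comment such as `# Allows camera app to use network sockets (<reason / bug id>)` would record the justification.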
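Review bot: The `edgetpu_device:chr_file { getattr read write ioctl map }` rule grants `ioctl` with no `allowxperm` allowlist visible in this hunk, so unless one exists elsewhere the app may issue any ioctl command the driver accepts. If the commands the camera app needs are known, a line of the form `allowxperm google_camera_app edgetpu_device:chr_file ioctl { <command list> };` would bound them. The closing `dontaudit` on `vendor_default_prop` also silences those denials on every build; a bug reference in its comment would make it easier to revisit.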
@@ -0,0 +1,9 @@
+type gpsd, domain;
+type gpsd_exec, vendor_file_type, exec_type, file_type;
+# Allow gpsd access PixelLogger unix socket in debug build only
+userdebug_or_eng(`
+ typeattribute gpsd mlstrustedsubject;
+ allow gpsd logger_app:unix_stream_socket connectto;
+')
+
+
diff --git a/whitechapel_pro/grilservice_app.te b/whitechapel_pro/grilservice_app.te
index 6e0dd66..2525bab 100644
--- a/whitechapel_pro/grilservice_app.te
+++ b/whitechapel_pro/grilservice_app.te
@@ -5,8 +5,11 @@ allow grilservice_app app_api_service:service_manager find;
 allow grilservice_app hal_bluetooth_coexistence_hwservice:hwservice_manager find;
 allow grilservice_app hal_radioext_hwservice:hwservice_manager find;
 allow grilservice_app hal_wifi_ext_hwservice:hwservice_manager find;
+allow grilservice_app hal_wifi_ext_service:service_manager find;
 allow grilservice_app hal_audiometricext_hwservice:hwservice_manager find;
 allow grilservice_app hal_exynos_rild_hwservice:hwservice_manager find;
+allow grilservice_app radio_vendor_data_file:dir create_dir_perms;
+allow grilservice_app radio_vendor_data_file:file create_file_perms;
 binder_call(grilservice_app, hal_bluetooth_btlinux)
 binder_call(grilservice_app, hal_radioext_default)
 binder_call(grilservice_app, hal_wifi_ext)
diff --git a/whitechapel_pro/gxp_logging.te b/whitechapel_pro/gxp_logging.te
new file mode 100644
index 0000000..107942d
--- /dev/null
+++ b/whitechapel_pro/gxp_logging.te
@@ -0,0 +1,9 @@
+type gxp_logging, domain;
+type gxp_logging_exec, exec_type, vendor_file_type, file_type;
+init_daemon_domain(gxp_logging)
+
+# The logging service accesses /dev/gxp
+allow gxp_logging gxp_device:chr_file rw_file_perms;
+
+# Allow gxp tracing service to send packets to Perfetto
+userdebug_or_eng(`perfetto_producer(gxp_logging)')
diff --git a/whitechapel_pro/hal_camera_default.te b/whitechapel_pro/hal_camera_default.te
index 92c629e..0590998 100644
--- a/whitechapel_pro/hal_camera_default.te
+++ b/whitechapel_pro/hal_camera_default.te
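Review bot: `typeattribute gpsd mlstrustedsubject;` in gpsd.te exempts the whole gpsd domain from MLS constraints on userdebug and eng builds, which is much broader than the single `connectto` on `logger_app:unix_stream_socket` that the comment describes. The attribute is presumably there because the logger app runs with per-app MLS categories, but the comment does not say so. Extending it to something like `# mlstrustedsubject: logger_app has app MLS categories; needed for the connectto below, debug builds only` would tell a reader why the exemption exists and that it must stay inside `userdebug_or_eng`.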
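Review bot: The two `radio_vendor_data_file` rules in grilservice_app.te grant `create_dir_perms` and `create_file_perms` on all build types and are added without a comment. If the app only writes files into a directory that already exists, `rw_dir_perms` on the `dir` class would be the narrower grant. If it does create directories, a comment such as `# grilservice writes <what> under the radio vendor data dir` would document the need. The domain's type declaration is above the hunk, so whether this is an app domain cannot be confirmed from here.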
@@ -23,6 +23,10 @@ allow hal_camera_default sysfs_edgetpu:dir r_dir_perms; allow hal_camera_default sysfs_edgetpu:file r_file_perms; allow hal_camera_default edgetpu_vendor_service:service_manager find; binder_call(hal_camera_default, edgetpu_vendor_server) +# Allow edgetpu_app_service as well, due to the EdgeTpu metrics logging +# library has a dependency on edgetpu_app_service, see b/275016466. +allow hal_camera_default edgetpu_app_service:service_manager find; +binder_call(hal_camera_default, edgetpu_app_server) # Allow the camera hal to access the GXP device. allow hal_camera_default gxp_device:chr_file rw_file_perms; @@ -91,3 +95,17 @@ allow hal_camera_default sysfs_leds:file r_file_perms; # Allow camera HAL to send trace packets to Perfetto userdebug_or_eng(`perfetto_producer(hal_camera_default)') + +# Some file searches attempt to access system data and are denied. +# This is benign and can be ignored. +dontaudit hal_camera_default system_data_file:dir { search }; + +# google3 prebuilts attempt to connect to the wrong trace socket, ignore them. +dontaudit hal_camera_default traced:unix_stream_socket { connectto }; +dontaudit hal_camera_default traced_producer_socket:sock_file { write }; + +# Allow access to always-on compute device node +allow hal_camera_default aoc_device:chr_file rw_file_perms; + +# Allow the Camera HAL to acquire wakelocks +wakelock_use(hal_camera_default) diff --git a/whitechapel_pro/hal_dumpstate_default.te b/whitechapel_pro/hal_dumpstate_default.te deleted file mode 100644 index f5ebec1..0000000 --- a/whitechapel_pro/hal_dumpstate_default.te +++ /dev/null 
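Review bot: The three `dontaudit` rules added in the hunk at `@@ -91,3 +95,17 @@` are unconditional, so on every build a denied `search` of `system_data_file`, a `connectto` to `traced` or a `write` to `traced_producer_socket` from the camera HAL is no longer logged. That removes a signal which would otherwise show the HAL probing system data or the trace socket, so each rule should be justified by more than "benign". The first hunk's comment cites `b/275016466`; a bug reference of the same kind on these rules would make them traceable. The comment on `allow hal_camera_default aoc_device:chr_file rw_file_perms;` also does not say what the HAL needs from the always-on compute node, for example `# Allow access to always-on compute device node for <feature>`.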
@@ -1,139 +0,0 @@ -allow hal_dumpstate_default vendor_camera_data_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_camera_data_file:file r_file_perms; - -allow hal_dumpstate_default sysfs_cpu:file r_file_perms; - -allow hal_dumpstate_default vendor_usf_reg_edit:file execute_no_trans; -allow hal_dumpstate_default vendor_usf_stats:file execute_no_trans; - -allow hal_dumpstate_default vendor_rfsd_log_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_rfsd_log_file:file r_file_perms; - -allow hal_dumpstate_default vendor_gps_file:dir r_dir_perms; -allow hal_dumpstate_default vendor_gps_file:file r_file_perms; - -allow hal_dumpstate_default sysfs_chip_id:file r_file_perms; - -allow hal_dumpstate_default sysfs_wlc:dir r_dir_perms; -allow hal_dumpstate_default sysfs_wlc:file r_file_perms; - -allow hal_dumpstate_default sysfs_exynos_bts:dir r_dir_perms; -allow hal_dumpstate_default sysfs_exynos_bts_stats:file r_file_perms; - -allow hal_dumpstate_default sysfs_aoc:dir r_dir_perms; -allow hal_dumpstate_default sysfs_aoc_dumpstate:file r_file_perms; - -allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; -allow hal_dumpstate_default sscoredump_vendor_data_crashinfo_file:file r_file_perms; - -allow hal_dumpstate_default sysfs_thermal:dir r_dir_perms; -allow hal_dumpstate_default sysfs_thermal:file r_file_perms; - -allow hal_dumpstate_default sysfs_wifi:dir r_dir_perms; -allow hal_dumpstate_default sysfs_wifi:file r_file_perms; - -allow hal_dumpstate_default sysfs_batteryinfo:dir r_dir_perms; -allow hal_dumpstate_default sysfs_batteryinfo:file r_file_perms; - -allow hal_dumpstate_default sysfs_acpm_stats:dir r_dir_perms; -allow hal_dumpstate_default sysfs_acpm_stats:file r_file_perms; - -allow hal_dumpstate_default radio_vendor_data_file:dir create_dir_perms; -allow hal_dumpstate_default radio_vendor_data_file:file create_file_perms; - -allow hal_dumpstate_default modem_efs_file:dir search; -allow hal_dumpstate_default 
modem_efs_file:file r_file_perms; -allow hal_dumpstate_default modem_stat_data_file:dir r_dir_perms; -allow hal_dumpstate_default modem_stat_data_file:file r_file_perms; -allow hal_dumpstate_default vendor_slog_file:file r_file_perms; - -allow hal_dumpstate_default logbuffer_device:chr_file r_file_perms; - -allow hal_dumpstate_default citadeld_service:service_manager find; -allow hal_dumpstate_default citadel_updater:file execute_no_trans; -binder_call(hal_dumpstate_default, citadeld); - -allow hal_dumpstate_default device:dir r_dir_perms; -allow hal_dumpstate_default aoc_device:chr_file rw_file_perms; - -allow hal_dumpstate_default proc_f2fs:dir r_dir_perms; -allow hal_dumpstate_default proc_f2fs:file r_file_perms; - -allow hal_dumpstate_default sysfs_scsi_devices_0000:dir r_dir_perms; -allow hal_dumpstate_default sysfs_scsi_devices_0000:file r_file_perms; - -allow hal_dumpstate_default sysfs_touch:dir r_dir_perms; -allow hal_dumpstate_default sysfs_touch:file rw_file_perms; - -allow hal_dumpstate_default proc_touch:dir r_dir_perms; -allow hal_dumpstate_default proc_touch:file rw_file_perms; - -allow hal_dumpstate_default vendor_displaycolor_service:service_manager find; -binder_call(hal_dumpstate_default, hal_graphics_composer_default); -vndbinder_use(hal_dumpstate_default) - -allow hal_dumpstate_default shell_data_file:file getattr; - -allow hal_dumpstate_default vendor_log_file:dir search; -allow hal_dumpstate_default vendor_dumpsys:file execute_no_trans; - -allow hal_dumpstate_default vendor_toolbox_exec:file execute_no_trans; -allow hal_dumpstate_default vendor_shell_exec:file execute_no_trans; - -allow hal_dumpstate_default proc_vendor_sched:dir r_dir_perms; -allow hal_dumpstate_default proc_vendor_sched:file r_file_perms; - -get_prop(hal_dumpstate_default, vendor_camera_debug_prop); -get_prop(hal_dumpstate_default, boottime_public_prop) -get_prop(hal_dumpstate_default, vendor_camera_prop) -get_prop(hal_dumpstate_default, vendor_gps_prop) 
-set_prop(hal_dumpstate_default, vendor_modem_prop) -get_prop(hal_dumpstate_default, vendor_rild_prop) -get_prop(hal_dumpstate_default, vendor_tcpdump_log_prop) -set_prop(hal_dumpstate_default, vendor_logger_prop) - -userdebug_or_eng(` - allow hal_dumpstate_default mnt_vendor_file:dir search; - allow hal_dumpstate_default ramdump_vendor_mnt_file:dir search; - allow hal_dumpstate_default ramdump_vendor_mnt_file:file r_file_perms; - allow hal_dumpstate_default sysfs_bcl:dir r_dir_perms; - allow hal_dumpstate_default sysfs_bcl:file r_file_perms; - allow hal_dumpstate_default debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_votable_debugfs:file r_file_perms; - allow hal_dumpstate_default debugfs_f2fs:dir r_dir_perms; - allow hal_dumpstate_default debugfs_f2fs:file r_file_perms; - allow hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_battery_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_maxfg_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms; - allow hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; - allow hal_dumpstate_default vendor_page_pinner_debugfs:dir search; - allow hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; -') - -dontaudit hal_dumpstate_default mnt_vendor_file:dir search; -dontaudit hal_dumpstate_default vendor_dri_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_dri_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default debugfs:dir r_dir_perms; -dontaudit 
hal_dumpstate_default vendor_votable_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_votable_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default debugfs_f2fs:dir r_dir_perms; -dontaudit hal_dumpstate_default debugfs_f2fs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_battery_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_battery_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_charger_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_charger_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_dmabuf_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_maxfg_debugfs:dir r_dir_perms; -dontaudit hal_dumpstate_default vendor_maxfg_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default vendor_pm_genpd_debugfs:file r_file_perms; -dontaudit hal_dumpstate_default sysfs_bcl:dir r_dir_perms; -dontaudit hal_dumpstate_default sysfs_bcl:file r_file_perms; -dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:dir search; -dontaudit hal_dumpstate_default vendor_page_pinner_debugfs:file r_file_perms; diff --git a/whitechapel_pro/hal_fastboot_default.te b/whitechapel_pro/hal_fastboot_default.te new file mode 100644 index 0000000..396120e --- /dev/null +++ b/whitechapel_pro/hal_fastboot_default.te 
@@ -0,0 +1,24 @@
+binder_use(hal_fastboot_default)
+
+# For get-off-mode charge state
+allow hal_fastboot_default devinfo_block_device:blk_file { open read };
+allow hal_fastboot_default kmsg_device:chr_file { open write };
+
+# For dev/block/by-name dir
+allow hal_fastboot_default block_device:dir r_dir_perms;
+
+allow hal_fastboot_default tmpfs:dir rw_dir_perms;
+allow hal_fastboot_default rootfs:dir r_dir_perms;
+
+# For set-brightness
+allow hal_fastboot_default sysfs_leds:dir search;
+allow hal_fastboot_default sysfs_leds:file rw_file_perms;
+allow hal_fastboot_default sysfs_leds:lnk_file read;
+
+#for fastboot -w (wiping device)
+allow hal_fastboot_default citadel_device:chr_file { rw_file_perms };
+allow hal_fastboot_default proc_bootconfig:file { rw_file_perms };
+allow hal_fastboot_default proc_cmdline:file { rw_file_perms };
+allow hal_fastboot_default st54spi_device:chr_file { rw_file_perms };
+allow hal_fastboot_default metadata_block_device:blk_file { rw_file_perms };
+allowxperm hal_fastboot_default metadata_block_device:blk_file ioctl { BLKSECDISCARD BLKDISCARD };
diff --git a/whitechapel_pro/hal_fingerprint_default.te b/whitechapel_pro/hal_fingerprint_default.te
index fa03d98..8ec45a9 100644
--- a/whitechapel_pro/hal_fingerprint_default.te
+++ b/whitechapel_pro/hal_fingerprint_default.te
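Review bot: In the new hal_fastboot_default.te, the "fastboot -w" block grants `rw_file_perms` on `proc_bootconfig:file` and `proc_cmdline:file`, which is wider than a wipe path that only inspects boot parameters would need. Those proc entries are normally read-only kernel files, so the write half of the grant presumably serves no purpose. Unless the HAL really writes them, I would narrow the two rules to `allow hal_fastboot_default proc_bootconfig:file r_file_perms;` and `allow hal_fastboot_default proc_cmdline:file r_file_perms;`. The `allowxperm` line on metadata_block_device already shows the ioctl set being scoped this way.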
@@ -23,3 +23,17 @@ allow hal_fingerprint_default fwk_sensor_hwservice:hwservice_manager find; # Allow fingerprint to read sysfs_display allow hal_fingerprint_default sysfs_display:file r_file_perms; + +# Allow fingerprint to access trusty sysfs +allow hal_fingerprint_default sysfs_trusty:file rw_file_perms; + +# Allow fingerprint to access display hal +allow hal_fingerprint_default hal_pixel_display_service:service_manager find; +binder_call(hal_fingerprint_default, hal_graphics_composer_default) + +# allow fingerprint to access thermal hal +hal_client_domain(hal_fingerprint_default, hal_thermal); + +# allow fingerprint to read sysfs_leds +allow hal_fingerprint_default sysfs_leds:file r_file_perms; +allow hal_fingerprint_default sysfs_leds:dir r_dir_perms; diff --git a/whitechapel_pro/hal_graphics_composer_default.te b/whitechapel_pro/hal_graphics_composer_default.te index 61972c7..2496674 100644 --- a/whitechapel_pro/hal_graphics_composer_default.te +++ b/whitechapel_pro/hal_graphics_composer_default.te @@ -52,3 +52,7 @@ vndbinder_use(hal_graphics_composer_default) # allow HWC to get device_config_surface_flinger_native_boot_prop for adpf flags get_prop(hal_graphics_composer_default, device_config_surface_flinger_native_boot_prop) + +# allow HWC to write log file +allow hal_graphics_composer_default vendor_hwc_log_file:dir rw_dir_perms; +allow hal_graphics_composer_default vendor_hwc_log_file:file create_file_perms; diff --git a/whitechapel_pro/hal_health_default.te b/whitechapel_pro/hal_health_default.te index cfe602d..fbbad6b 100644 --- a/whitechapel_pro/hal_health_default.te +++ b/whitechapel_pro/hal_health_default.te 
@@ -4,14 +4,17 @@ allow hal_health_default persist_battery_file:file create_file_perms; allow hal_health_default persist_battery_file:dir rw_dir_perms; set_prop(hal_health_default, vendor_battery_defender_prop) +set_prop(hal_health_default, vendor_shutdown_prop) # Access to /sys/devices/platform/14700000.ufs/* allow hal_health_default sysfs_scsi_devices_0000:dir r_dir_perms; allow hal_health_default sysfs_scsi_devices_0000:file rw_file_perms; +allow hal_health_default fwk_stats_service:service_manager find; +binder_use(hal_health_default) + allow hal_health_default sysfs_wlc:dir search; allow hal_health_default sysfs_batteryinfo:file w_file_perms; allow hal_health_default sysfs_thermal:dir search; allow hal_health_default sysfs_thermal:file w_file_perms; -allow hal_health_default sysfs_thermal:lnk_file read; allow hal_health_default thermal_link_device:dir search; diff --git a/whitechapel_pro/hal_input_processor_default.te b/whitechapel_pro/hal_input_processor_default.te new file mode 100644 index 0000000..00d4c69 --- /dev/null +++ b/whitechapel_pro/hal_input_processor_default.te @@ -0,0 +1,2 @@ +# allow InputProcessor HAL to read the display resolution system property +get_prop(hal_input_processor_default, vendor_display_prop) diff --git a/whitechapel_pro/hal_memtrack_default.te b/whitechapel_pro/hal_memtrack_default.te new file mode 100644 index 0000000..7554c6f --- /dev/null +++ b/whitechapel_pro/hal_memtrack_default.te @@ -0,0 +1 @@ +r_dir_file(hal_memtrack_default, sysfs_gpu) diff --git a/whitechapel_pro/hal_nfc_default.te b/whitechapel_pro/hal_nfc_default.te index 247ca3d..11e0617 100644 --- a/whitechapel_pro/hal_nfc_default.te +++ b/whitechapel_pro/hal_nfc_default.te @@ -13,3 +13,5 @@ allow hal_nfc_default uwb_data_vendor:file r_file_perms; # allow nfc to read uwb calibration file get_prop(hal_nfc_default, vendor_uwb_calibration_prop) +get_prop(hal_nfc_default, vendor_uwb_calibration_country_code) + 
diff --git a/whitechapel_pro/hal_power_default.te b/whitechapel_pro/hal_power_default.te index 076de46..4d6d0e0 100644 --- a/whitechapel_pro/hal_power_default.te +++ b/whitechapel_pro/hal_power_default.te @@ -6,4 +6,6 @@ allow hal_power_default proc_vendor_sched:file r_file_perms; allow hal_power_default sysfs_gpu:file rw_file_perms; allow hal_power_default sysfs_fabric:file rw_file_perms; allow hal_power_default sysfs_camera:file rw_file_perms; +allow hal_power_default sysfs_trusty:file rw_file_perms; +allow hal_power_default sysfs_em_profile:file rw_file_perms; set_prop(hal_power_default, vendor_camera_prop) diff --git a/whitechapel_pro/hal_sensors_default.te b/whitechapel_pro/hal_sensors_default.te index b33741e..076ceaf 100644 --- a/whitechapel_pro/hal_sensors_default.te +++ b/whitechapel_pro/hal_sensors_default.te 
@@ -30,15 +30,30 @@ allow hal_sensors_default persist_sensor_reg_file:file r_file_perms; r_dir_file(hal_sensors_default, persist_camera_file) # Allow creation and writing of sensor registry data files. -allow hal_sensors_default sensor_reg_data_file:dir r_dir_perms; -allow hal_sensors_default sensor_reg_data_file:file r_file_perms; +allow hal_sensors_default sensor_reg_data_file:dir rw_dir_perms; +allow hal_sensors_default sensor_reg_data_file:file create_file_perms; + +userdebug_or_eng(` + # Allow creation and writing of sensor debug data files. + allow hal_sensors_default sensor_debug_data_file:dir rw_dir_perms; + allow hal_sensors_default sensor_debug_data_file:file create_file_perms; +') # Allow access to the display info for ALS. allow hal_sensors_default sysfs_display:file rw_file_perms; +# Allow access to the sysfs_aoc. +allow hal_sensors_default sysfs_aoc:dir search; +allow hal_sensors_default sysfs_aoc:file r_file_perms; + +# Allow access for AoC properties. +get_prop(hal_sensors_default, vendor_aoc_prop) + +# Allow sensor HAL to read AoC dumpstate. +allow hal_sensors_default sysfs_aoc_dumpstate:file r_file_perms; + # Allow access to the AoC clock and kernel boot time sys FS node. This is needed # to synchronize the AP and AoC clock timestamps. -allow hal_sensors_default sysfs_aoc:dir search; allow hal_sensors_default sysfs_aoc_boottime:file r_file_perms; # Allow access to the files of CDT information. @@ -66,3 +81,7 @@ binder_call(hal_sensors_default, hal_graphics_composer_default); # Allow display_info_service access to the backlight driver. allow hal_sensors_default sysfs_write_leds:file rw_file_perms; + +# Allow access to the power supply files for MagCC. +r_dir_file(hal_sensors_default, sysfs_batteryinfo) +allow hal_sensors_default sysfs_wlc:dir r_dir_perms; diff --git a/whitechapel_pro/hal_thermal_default.te b/whitechapel_pro/hal_thermal_default.te index 9852a76..a573a2a 100644 --- a/whitechapel_pro/hal_thermal_default.te 
+++ b/whitechapel_pro/hal_thermal_default.te @@ -1,2 +1,2 @@ -allow hal_thermal_default sysfs_iio_devices:dir r_dir_perms; -allow hal_thermal_default sysfs_odpm:file r_file_perms; +r_dir_file(hal_thermal_default, sysfs_iio_devices) +r_dir_file(hal_thermal_default, sysfs_odpm) diff --git a/whitechapel_pro/hal_usb_impl.te b/whitechapel_pro/hal_usb_impl.te index a5da3ce..5d2a65e 100644 --- a/whitechapel_pro/hal_usb_impl.te +++ b/whitechapel_pro/hal_usb_impl.te @@ -24,3 +24,8 @@ hal_client_domain(hal_usb_impl, hal_thermal); # For reading the usb-c throttling stats allow hal_usb_impl sysfs_usbc_throttling_stats:file r_file_perms; + +# For issuing vendor commands to USB hub via libusbhost +allow hal_usb_impl device:dir r_dir_perms; +allow hal_usb_impl usb_device:chr_file rw_file_perms; +allow hal_usb_impl usb_device:dir r_dir_perms; diff --git a/whitechapel_pro/hal_wireless_charger.te b/whitechapel_pro/hal_wireless_charger.te new file mode 100644 index 0000000..04b3e5e --- /dev/null +++ b/whitechapel_pro/hal_wireless_charger.te @@ -0,0 +1,2 @@ +type hal_wireless_charger, domain; +type hal_wireless_charger_exec, exec_type, vendor_file_type, file_type; diff --git a/whitechapel_pro/hal_wlc.te b/whitechapel_pro/hal_wlc.te index 80eb167..1cf9d03 100644 --- a/whitechapel_pro/hal_wlc.te +++ b/whitechapel_pro/hal_wlc.te @@ -7,8 +7,6 @@ add_hwservice(hal_wlc, hal_wlc_hwservice) get_prop(hal_wlc, hwservicemanager_prop) r_dir_file(hal_wlc, sysfs_batteryinfo) -allow hal_wlc sysfs_wlc:dir r_dir_perms; -allow hal_wlc sysfs_wlc:file rw_file_perms; allow hal_wlc self:netlink_kobject_uevent_socket create_socket_perms_no_ioctl; diff --git a/whitechapel_pro/hardware_info_app.te b/whitechapel_pro/hardware_info_app.te deleted file mode 100644 index 751bb88..0000000 --- a/whitechapel_pro/hardware_info_app.te +++ /dev/null 
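Review bot: The hal_usb_impl.te hunk adds `allow hal_usb_impl usb_device:chr_file rw_file_perms;`, which covers every node labelled usb_device, while the comment gives the purpose as vendor commands to one USB hub. The grant therefore lets the USB HAL open and write to any attached USB device, not only the hub. If the hub commands go through a known set of ioctls, an `allowxperm` rule like the one in hal_fastboot_default.te could narrow this, though whether libusbhost allows that is not visible here. At minimum the comment should state the scope, e.g. `# usb_device labels all raw USB nodes; only the hub is expected to be opened`.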
@@ -1,26 +0,0 @@ -type hardware_info_app, domain; -app_domain(hardware_info_app) - -allow hardware_info_app app_api_service:service_manager find; - -# Storage -allow hardware_info_app sysfs_scsi_devices_0000:dir search; -allow hardware_info_app sysfs_scsi_devices_0000:file r_file_perms; - -# Audio -allow hardware_info_app sysfs_pixelstats:file r_file_perms; - -# Batteryinfo -allow hardware_info_app sysfs_batteryinfo:dir search; -allow hardware_info_app sysfs_batteryinfo:file r_file_perms; - -# Display -allow hardware_info_app sysfs_display:dir search; -allow hardware_info_app sysfs_display:file r_file_perms; - -# SoC -allow hardware_info_app sysfs_soc:file r_file_perms; -allow hardware_info_app sysfs_chip_id:file r_file_perms; - -# Batery history -allow hardware_info_app battery_history_device:chr_file r_file_perms; diff --git a/whitechapel_pro/hbmsvmanager_app.te b/whitechapel_pro/hbmsvmanager_app.te index 3ed4f82..b705809 100644 --- a/whitechapel_pro/hbmsvmanager_app.te +++ b/whitechapel_pro/hbmsvmanager_app.te @@ -1,4 +1,4 @@ -type hbmsvmanager_app, domain; +type hbmsvmanager_app, domain, coredomain; app_domain(hbmsvmanager_app); diff --git a/whitechapel_pro/init-display-sh.te b/whitechapel_pro/init-display-sh.te new file mode 100644 index 0000000..54ff7d6 --- /dev/null +++ b/whitechapel_pro/init-display-sh.te @@ -0,0 +1,10 @@ +type init-display-sh, domain; +type init-display-sh_exec, vendor_file_type, exec_type, file_type; +init_daemon_domain(init-display-sh) + +allow init-display-sh self:capability sys_module; +allow init-display-sh vendor_kernel_modules:system module_load; +allow init-display-sh vendor_toolbox_exec:file execute_no_trans; + +dontaudit init-display-sh proc_cmdline:file r_file_perms; + diff --git a/whitechapel_pro/init-insmod-sh.te b/whitechapel_pro/init-insmod-sh.te deleted file mode 100644 index ca98618..0000000 --- a/whitechapel_pro/init-insmod-sh.te +++ /dev/null 
@@ -1,17 +0,0 @@ -type init-insmod-sh, domain; -type init-insmod-sh_exec, vendor_file_type, exec_type, file_type; -init_daemon_domain(init-insmod-sh) - -allow init-insmod-sh self:capability sys_module; -allow init-insmod-sh vendor_kernel_modules:system module_load; -allow init-insmod-sh vendor_toolbox_exec:file execute_no_trans; - -allow init-insmod-sh self:capability sys_nice; -allow init-insmod-sh kernel:process setsched; - -set_prop(init-insmod-sh, vendor_device_prop) - -dontaudit init-insmod-sh proc_cmdline:file r_file_perms; - -allow init-insmod-sh debugfs_mgm:dir search; -allow init-insmod-sh vendor_regmap_debugfs:dir search; diff --git a/whitechapel_pro/insmod-sh.te b/whitechapel_pro/insmod-sh.te new file mode 100644 index 0000000..c7bbdc6 --- /dev/null +++ b/whitechapel_pro/insmod-sh.te @@ -0,0 +1,7 @@ +allow insmod-sh self:capability sys_nice; +allow insmod-sh kernel:process setsched; + +dontaudit insmod-sh proc_cmdline:file r_file_perms; + +allow insmod-sh debugfs_mgm:dir search; +allow insmod-sh vendor_regmap_debugfs:dir search; diff --git a/whitechapel_pro/kernel.te b/whitechapel_pro/kernel.te index c34e7f7..2cddb45 100644 --- a/whitechapel_pro/kernel.te +++ b/whitechapel_pro/kernel.te @@ -9,3 +9,5 @@ allow kernel self:capability2 perfmon; allow kernel self:perf_event cpu; dontaudit kernel vendor_battery_debugfs:dir search; +dontaudit kernel vendor_maxfg_debugfs:dir { search }; +dontaudit kernel vendor_regmap_debugfs:dir search; diff --git a/whitechapel_pro/keys.conf b/whitechapel_pro/keys.conf index 80522c4..54130ea 100644 --- a/whitechapel_pro/keys.conf +++ b/whitechapel_pro/keys.conf 
@@ -9,3 +9,9 @@ ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/com_qorvo_uwb.x509.pem [@EUICCSUPPORTPIXEL] ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/EuiccSupportPixel.x509.pem + +[@CAMERAENG] +ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/camera_eng.x509.pem + +[@CAMERAFISHFOOD] +ALL : device/google/gs201-sepolicy/whitechapel_pro/certs/camera_fishfood.x509.pem diff --git a/whitechapel_pro/logd.te b/whitechapel_pro/logd.te index cc55e20..ca969d8 100644 --- a/whitechapel_pro/logd.te +++ b/whitechapel_pro/logd.te @@ -1,2 +1,4 @@ r_dir_file(logd, logbuffer_device) allow logd logbuffer_device:chr_file r_file_perms; +allow logd trusty_log_device:chr_file r_file_perms; + diff --git a/whitechapel_pro/logger_app.te b/whitechapel_pro/logger_app.te index 9809f30..684e94a 100644 --- a/whitechapel_pro/logger_app.te +++ b/whitechapel_pro/logger_app.te @@ -5,6 +5,10 @@ userdebug_or_eng(` allow logger_app vendor_gps_file:file create_file_perms; allow logger_app vendor_gps_file:dir create_dir_perms; allow logger_app sysfs_sscoredump_level:file r_file_perms; + allow logger_app hal_exynos_rild_hwservice:hwservice_manager find; + + binder_call(logger_app, rild) + r_dir_file(logger_app, ramdump_vendor_data_file) r_dir_file(logger_app, sscoredump_vendor_data_coredump_file) r_dir_file(logger_app, sscoredump_vendor_data_crashinfo_file) diff --git a/whitechapel_pro/mac_permissions.xml b/whitechapel_pro/mac_permissions.xml index 821f660..b57e61c 100644 --- a/whitechapel_pro/mac_permissions.xml +++ b/whitechapel_pro/mac_permissions.xml @@ -33,4 +33,10 @@ <signer signature="@EUICCSUPPORTPIXEL" > <seinfo value="EuiccSupportPixel" /> </signer> + <signer signature="@CAMERAENG" > + <seinfo value="CameraEng" /> + </signer> + <signer signature="@CAMERAFISHFOOD" > + <seinfo value="CameraFishfood" /> + </signer> </policy> diff --git a/whitechapel_pro/modem_svc_sit.te b/whitechapel_pro/modem_svc_sit.te index d3e79c9..040082e 100644 
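Review bot: The `[@CAMERAENG]` entry added to keys.conf maps camera_eng.x509.pem under `ALL`, so the eng signing certificate is recognised on user builds as well as on userdebug and eng. The mac_permissions.xml hunk turns it into seinfo `CameraEng`, and the seapp_contexts hunk labels `com.google.android.GoogleCameraEng` and the debug-key build of `com.google.android.apps.googlecamera.fishfood` as `debug_camera_app`. Those entries lack the `isPrivApp=true` used for GoogleCamera. The rules for debug_camera_app are not in this part of the diff, so it cannot be checked here that the domain grants nothing outside `userdebug_or_eng`. I would record that requirement next to the key, e.g. `# Debug signing cert: debug_camera_app must hold no allow rules outside userdebug_or_eng`.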
--- a/whitechapel_pro/modem_svc_sit.te +++ b/whitechapel_pro/modem_svc_sit.te @@ -5,6 +5,9 @@ init_daemon_domain(modem_svc_sit) hwbinder_use(modem_svc_sit) binder_call(modem_svc_sit, rild) +# Grant sysfs modem access +allow modem_svc_sit sysfs_modem:file rw_file_perms; + # Grant radio device access allow modem_svc_sit radio_device:chr_file rw_file_perms; @@ -14,6 +17,9 @@ allow modem_svc_sit radio_vendor_data_file:file create_file_perms; allow modem_svc_sit modem_stat_data_file:dir create_dir_perms; allow modem_svc_sit modem_stat_data_file:file create_file_perms; +allow modem_svc_sit vendor_fw_file:dir search; +allow modem_svc_sit vendor_fw_file:file r_file_perms; + allow modem_svc_sit mnt_vendor_file:dir search; allow modem_svc_sit modem_userdata_file:dir create_dir_perms; allow modem_svc_sit modem_userdata_file:file create_file_perms; @@ -21,6 +27,16 @@ allow modem_svc_sit modem_userdata_file:file create_file_perms; # RIL property get_prop(modem_svc_sit, vendor_rild_prop) +# Modem property +set_prop(modem_svc_sit, vendor_modem_prop) + # hwservice permission allow modem_svc_sit hal_exynos_rild_hwservice:hwservice_manager find; get_prop(modem_svc_sit, hwservicemanager_prop) + +# logging property +get_prop(modem_svc_sit, vendor_logger_prop) + +userdebug_or_eng(` + allow modem_svc_sit radio_test_device:chr_file rw_file_perms; +') diff --git a/whitechapel_pro/pixelstats_vendor.te b/whitechapel_pro/pixelstats_vendor.te index d16acc0..6aba16a 100644 --- a/whitechapel_pro/pixelstats_vendor.te +++ b/whitechapel_pro/pixelstats_vendor.te 
@@ -13,9 +13,39 @@ allow pixelstats_vendor sysfs_wlc:file rw_file_perms; get_prop(pixelstats_vendor, hwservicemanager_prop); hwbinder_use(pixelstats_vendor); allow pixelstats_vendor fwk_sensor_hwservice:hwservice_manager find; +# android.frameworks.sensorservice through libsensorndkbridge +allow pixelstats_vendor fwk_sensor_service:service_manager find; + # Batery history allow pixelstats_vendor battery_history_device:chr_file r_file_perms; # storage smart idle maintenance get_prop(pixelstats_vendor, smart_idle_maint_enabled_prop); + +# Pca charge +allow pixelstats_vendor sysfs_pca:file rw_file_perms; + +#Thermal +r_dir_file(pixelstats_vendor, sysfs_thermal) +allow pixelstats_vendor sysfs_thermal:lnk_file r_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; + +# PCIe statistics +allow pixelstats_vendor sysfs_exynos_pcie_stats:dir search; +allow pixelstats_vendor sysfs_exynos_pcie_stats:file rw_file_perms; + +#perf-metrics +r_dir_file(pixelstats_vendor, sysfs_vendor_metrics) +allow pixelstats_vendor sysfs_vendor_metrics:lnk_file r_file_perms; +allow pixelstats_vendor sysfs_vendor_metrics:file w_file_perms; + +# BCL +allow pixelstats_vendor sysfs_bcl:dir search; +allow pixelstats_vendor sysfs_bcl:file r_file_perms; +allow pixelstats_vendor mitigation_vendor_data_file:dir search; +allow pixelstats_vendor mitigation_vendor_data_file:file { read write }; +get_prop(pixelstats_vendor, vendor_brownout_reason_prop); diff --git a/whitechapel_pro/platform_app.te b/whitechapel_pro/platform_app.te index 356167a..1891cae 100644 --- a/whitechapel_pro/platform_app.te +++ b/whitechapel_pro/platform_app.te @@ -1,3 +1,6 @@ +binder_call(platform_app, rild) +allow platform_app hal_exynos_rild_hwservice:hwservice_manager find; + allow platform_app hal_pixel_display_service:service_manager find; allow platform_app hal_wlc_hwservice:hwservice_manager find; allow platform_app nfc_service:service_manager find; 
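Review bot: The `# BCL` block is added twice in this pixelstats_vendor.te hunk: `allow pixelstats_vendor sysfs_bcl:dir search;` and `allow pixelstats_vendor sysfs_bcl:file r_file_perms;` appear once after the thermal rules and again at the end. Duplicate allow rules do not change the compiled policy, but they make it easy to remove only one copy when the access is later revoked. I would delete the second pair and keep only the `mitigation_vendor_data_file` rules and `get_prop(pixelstats_vendor, vendor_brownout_reason_prop);` under the last heading.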
@@ -14,3 +17,7 @@ binder_call(platform_app, hal_wlc) # allow udfps of systemui access lhbm binder_call(platform_app, hal_graphics_composer_default) + +# WLC +allow platform_app hal_wireless_charger_service:service_manager find; +binder_call(platform_app, hal_wireless_charger) diff --git a/whitechapel_pro/property.te b/whitechapel_pro/property.te index bc898f4..d297abe 100644 --- a/whitechapel_pro/property.te +++ b/whitechapel_pro/property.te @@ -11,18 +11,15 @@ vendor_internal_prop(vendor_nfc_prop) vendor_internal_prop(vendor_secure_element_prop) vendor_internal_prop(vendor_battery_profile_prop) vendor_internal_prop(vendor_battery_defender_prop) +vendor_internal_prop(vendor_shutdown_prop) vendor_internal_prop(vendor_imssvc_prop) vendor_internal_prop(vendor_camera_prop) -vendor_internal_prop(vendor_camera_debug_prop) vendor_internal_prop(vendor_camera_fatp_prop) vendor_internal_prop(vendor_usb_config_prop) vendor_internal_prop(vendor_tcpdump_log_prop) -vendor_internal_prop(vendor_device_prop) -vendor_internal_prop(vendor_ready_prop) vendor_internal_prop(vendor_gps_prop) vendor_internal_prop(vendor_ro_sys_default_prop) vendor_internal_prop(vendor_persist_sys_default_prop) -vendor_internal_prop(vendor_logger_prop) vendor_internal_prop(vendor_display_prop) # Fingerprint @@ -30,7 +27,20 @@ vendor_internal_prop(vendor_fingerprint_prop) # UWB calibration system_vendor_config_prop(vendor_uwb_calibration_prop) +# Country code must be vendor_public to be written by UwbVendorService and read by NFC HAL +vendor_internal_prop(vendor_uwb_calibration_country_code) # Dynamic sensor vendor_internal_prop(vendor_dynamic_sensor_prop) +# Telephony debug app +vendor_internal_prop(vendor_telephony_app_prop) + +# Trusty storage FS ready +vendor_internal_prop(vendor_trusty_storage_prop) + +# Mali Integration +vendor_restricted_prop(vendor_arm_runtime_option_prop) + +# ArmNN +vendor_internal_prop(vendor_armnn_config_prop) 
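Review bot: In the second property.te hunk the new comment says the country code "must be vendor_public", but the line below it declares the property with `vendor_internal_prop(vendor_uwb_calibration_country_code)`. One of the two is wrong, and a reader cannot tell which access scope was intended. If the property only has to be shared between vendor domains, reword the comment to `# Country code is written by UwbVendorService and read by the NFC HAL`. If a non-vendor domain really needs it, the declaration would have to change to `vendor_public_prop(vendor_uwb_calibration_country_code)`; UwbVendorService's domain is not visible in this diff.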
diff --git a/whitechapel_pro/property_contexts b/whitechapel_pro/property_contexts index ce73700..947adf2 100644 --- a/whitechapel_pro/property_contexts +++ b/whitechapel_pro/property_contexts @@ -4,14 +4,6 @@ persist.vendor.sys.diag. u:object_r:vendor_diag_prop:s0 vendor.sys.dmd. u:object_r:vendor_diag_prop:s0 vendor.sys.diag. u:object_r:vendor_diag_prop:s0 -# Kernel modules related -vendor.common.modules.ready u:object_r:vendor_device_prop:s0 -vendor.device.modules.ready u:object_r:vendor_device_prop:s0 - -# Indicating signal that all modules and devices are ready -vendor.all.modules.ready u:object_r:vendor_ready_prop:s0 -vendor.all.devices.ready u:object_r:vendor_ready_prop:s0 - # Tcpdump_logger persist.vendor.tcpdump.log.alwayson u:object_r:vendor_tcpdump_log_prop:s0 vendor.tcpdump. u:object_r:vendor_tcpdump_log_prop:s0 @@ -57,6 +49,7 @@ persist.vendor.testing_battery_profile u:object_r:vendor_battery_profile_pro # Battery vendor.battery.defender. u:object_r:vendor_battery_defender_prop:s0 +persist.vendor.shutdown. u:object_r:vendor_shutdown_prop:s0 # NFC persist.vendor.nfc. u:object_r:vendor_nfc_prop:s0 @@ -75,13 +68,11 @@ persist.vendor.display. u:object_r:vendor_display_prop:s0 # Camera persist.vendor.camera. u:object_r:vendor_camera_prop:s0 vendor.camera. u:object_r:vendor_camera_prop:s0 -vendor.camera.debug. u:object_r:vendor_camera_debug_prop:s0 vendor.camera.fatp. u:object_r:vendor_camera_fatp_prop:s0 # for logger app vendor.pixellogger. u:object_r:vendor_logger_prop:s0 persist.vendor.pixellogger. u:object_r:vendor_logger_prop:s0 -persist.vendor.verbose_logging_enabled u:object_r:vendor_logger_prop:s0 # vendor default ro.vendor.sys. u:object_r:vendor_ro_sys_default_prop:s0 
@@ -92,14 +83,29 @@ vendor.gps. u:object_r:vendor_gps_prop:s0 persist.vendor.gps. u:object_r:vendor_gps_prop:s0 # Fingerprint +persist.vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.fingerprint. u:object_r:vendor_fingerprint_prop:s0 vendor.gf. u:object_r:vendor_fingerprint_prop:s0 #uwb ro.vendor.uwb.calibration. u:object_r:vendor_uwb_calibration_prop:s0 exact string +vendor.uwb.calibration.country_code u:object_r:vendor_uwb_calibration_country_code:s0 exact string + # Dynamic sensor vendor.dynamic_sensor. u:object_r:vendor_dynamic_sensor_prop:s0 # for ims service persist.vendor.ims. u:object_r:vendor_imssvc_prop:s0 + +# for vendor telephony debug app +vendor.config.debug. u:object_r:vendor_telephony_app_prop:s0 + +# Trusty +ro.vendor.trusty.storage.fs_ready u:object_r:vendor_trusty_storage_prop:s0 + +# Mali GPU driver configuration and debug options +vendor.mali. u:object_r:vendor_arm_runtime_option_prop:s0 prefix + +# ArmNN configuration +ro.vendor.armnn. u:object_r:vendor_armnn_config_prop:s0 prefix diff --git a/whitechapel_pro/radio.te b/whitechapel_pro/radio.te index 8cb144d..4727846 100644 --- a/whitechapel_pro/radio.te +++ b/whitechapel_pro/radio.te @@ -1,2 +1,5 @@ allow radio proc_vendor_sched:dir r_dir_perms; -allow radio proc_vendor_sched:file w_file_perms;
\ No newline at end of file +allow radio proc_vendor_sched:file w_file_perms; + +allow radio radio_vendor_data_file:dir rw_dir_perms; +allow radio radio_vendor_data_file:file create_file_perms; diff --git a/whitechapel_pro/recovery.te b/whitechapel_pro/recovery.te index bfa3c7d..1974ebb 100644 --- a/whitechapel_pro/recovery.te +++ b/whitechapel_pro/recovery.te @@ -1,4 +1,4 @@ recovery_only(` allow recovery sysfs_ota:file rw_file_perms; - allow recovery citadel_device:chr_file rw_file_perms; + allow recovery st54spi_device:chr_file rw_file_perms; ') diff --git a/whitechapel_pro/rild.te b/whitechapel_pro/rild.te index d8c8c29..484dda0 100644 --- a/whitechapel_pro/rild.te +++ b/whitechapel_pro/rild.te @@ -16,6 +16,7 @@ allow rild mnt_vendor_file:dir r_dir_perms; r_dir_file(rild, modem_img_file) +binder_call(rild, platform_app) binder_call(rild, bipchmgr) binder_call(rild, gpsd) binder_call(rild, hal_audio_default) @@ -26,12 +27,18 @@ binder_call(rild, oemrilservice_app) binder_call(rild, hal_secure_element_uicc) binder_call(rild, grilservice_app) binder_call(rild, vendor_engineermode_app) +binder_call(rild, vendor_telephony_debug_app) +binder_call(rild, logger_app) # for hal service add_hwservice(rild, hal_exynos_rild_hwservice) -allow rild hal_audio_ext_hwservice:hwservice_manager find; # Allow rild to access files on modem img. allow rild modem_img_file:dir r_dir_perms; allow rild modem_img_file:file r_file_perms; allow rild modem_img_file:lnk_file r_file_perms; + +# Allow rild to ptrace for memory leak detection +userdebug_or_eng(` +allow rild self:process ptrace; +') diff --git a/whitechapel_pro/seapp_contexts b/whitechapel_pro/seapp_contexts index f2fd47f..149e228 100644 --- a/whitechapel_pro/seapp_contexts +++ b/whitechapel_pro/seapp_contexts 
@@ -1,4 +1,5 @@ # Samsung S.LSI IMS +user=_app isPrivApp=true name=.ShannonImsService domain=vendor_ims_app levelFrom=all user=_app isPrivApp=true name=com.shannon.imsservice domain=vendor_ims_app levelFrom=all user=_app isPrivApp=true name=com.shannon.imsservice:remote domain=vendor_ims_remote_app levelFrom=all user=_app isPrivApp=true name=com.shannon.qualifiednetworksservice domain=vendor_qualifiednetworks_app levelFrom=all @@ -17,9 +18,6 @@ user=system seinfo=platform name=com.samsung.slsi.telephony.networktestmode doma # Samsung S.LSI engineer mode user=_app seinfo=platform name=com.samsung.slsi.engineermode domain=vendor_engineermode_app levelFrom=all -# Hardware Info Collection -user=_app isPrivApp=true name=com.google.android.hardwareinfo domain=hardware_info_app type=app_data_file levelFrom=user - # coredump/ramdump user=_app seinfo=platform name=com.android.ramdump domain=ramdump_app type=app_data_file levelFrom=all @@ -57,6 +55,15 @@ user=system seinfo=platform name=com.google.SSRestartDetector domain=ssr_detecto # Google Camera user=_app isPrivApp=true seinfo=google name=com.google.android.GoogleCamera domain=google_camera_app type=app_data_file levelFrom=all +# Google Camera Eng +user=_app seinfo=CameraEng name=com.google.android.GoogleCameraEng domain=debug_camera_app type=app_data_file levelFrom=all + +# Also allow GoogleCameraNext, the fishfood version, the same access as GoogleCamera +user=_app seinfo=CameraFishfood name=com.google.android.apps.googlecamera.fishfood domain=google_camera_app type=app_data_file levelFrom=all + +# Also label GoogleCameraNext, built with debug keys as debug_camera_app. +user=_app seinfo=CameraEng name=com.google.android.apps.googlecamera.fishfood domain=debug_camera_app type=app_data_file levelFrom=all + # Domain for CatEngineService user=system seinfo=platform name=com.google.android.CatEngine domain=cat_engine_service_app type=system_app_data_file levelFrom=all 
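Review bot: The new `name=.ShannonImsService` entry selects on a bare process name with `isPrivApp=true` as its only other constraint, so presumably any privileged app running under that process name would land in `vendor_ims_app`. A `seinfo=` selector tied to the signing certificate would pin the domain to the intended package; the value depends on the mac_permissions mapping, which this diff does not show. A comment explaining why the package-less name is needed next to `com.shannon.imsservice` would also help the next reader.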
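Review bot: The two `com.google.android.apps.googlecamera.fishfood` entries in the third hunk differ only in `seinfo`, and neither carries `isPrivApp=true` as the production `com.google.android.GoogleCamera` line does. The signing-key mapping for `CameraFishfood` and `CameraEng` is therefore the only thing deciding whether a package gets `google_camera_app` or `debug_camera_app`. That mapping is outside this diff, so the comment should point to it, for example `# seinfo values come from <mac_permissions file>`. It is also worth stating whether the fishfood build is meant to have the full production camera domain on user builds.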
diff --git a/whitechapel_pro/service.te b/whitechapel_pro/service.te index 8d5dc1e..1c49d4f 100644 --- a/whitechapel_pro/service.te +++ b/whitechapel_pro/service.te @@ -1,2 +1,5 @@ -type hal_pixel_display_service, service_manager_type, vendor_service; -type hal_uwb_vendor_service, service_manager_type, vendor_service; +type hal_pixel_display_service, service_manager_type, hal_service_type; +type hal_uwb_vendor_service, service_manager_type, hal_service_type; + +# WLC +type hal_wireless_charger_service, hal_service_type, protected_service, service_manager_type; diff --git a/whitechapel_pro/service_contexts b/whitechapel_pro/service_contexts index 5df3441..a3849bb 100644 --- a/whitechapel_pro/service_contexts +++ b/whitechapel_pro/service_contexts @@ -1,2 +1,4 @@ com.google.hardware.pixel.display.IDisplay/default u:object_r:hal_pixel_display_service:s0 hardware.qorvo.uwb.IUwbVendor/default u:object_r:hal_uwb_vendor_service:s0 + +vendor.google.wireless_charger.IWirelessCharger/default u:object_r:hal_wireless_charger_service:s0 diff --git a/whitechapel_pro/ssr_detector.te b/whitechapel_pro/ssr_detector.te index 60ec1bb..2caf6d7 100644 --- a/whitechapel_pro/ssr_detector.te +++ b/whitechapel_pro/ssr_detector.te @@ -4,7 +4,8 @@ app_domain(ssr_detector_app) allow ssr_detector_app app_api_service:service_manager find; allow ssr_detector_app radio_service:service_manager find; -allow ssr_detector_app system_app_data_file:dir r_dir_perms; +allow ssr_detector_app system_app_data_file:dir create_dir_perms; +allow ssr_detector_app system_app_data_file:file create_file_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:dir r_dir_perms; allow ssr_detector_app sscoredump_vendor_data_crashinfo_file:file r_file_perms; diff --git a/whitechapel_pro/system_app.te b/whitechapel_pro/system_app.te index c1560e6..4677e98 100644 --- a/whitechapel_pro/system_app.te +++ b/whitechapel_pro/system_app.te 
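Review bot: In ssr_detector.te, replacing `r_dir_perms` with `create_dir_perms` and adding `create_file_perms` on `system_app_data_file` gives `ssr_detector_app` write and create access to a label that other system-UID apps' data directories also appear to use, and it does so on all build types. If the app only writes under its own directory, a dedicated data type assigned through `type=` in seapp_contexts would keep the grant from reaching other apps' files. At minimum add a comment saying what it writes, e.g. `# <what> is stored in the app's own data dir`. The rest of the file is outside the hunk.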
@@ -1,2 +1,3 @@ -allow system_app hal_wlc_hwservice:hwservice_manager find; -binder_call(system_app, hal_wlc) +# WLC +allow system_app hal_wireless_charger_service:service_manager find; +binder_call(system_app, hal_wireless_charger) diff --git a/whitechapel_pro/tee.te b/whitechapel_pro/tee.te index 58228b5..256fb38 100644 --- a/whitechapel_pro/tee.te +++ b/whitechapel_pro/tee.te @@ -12,6 +12,4 @@ allow tee sg_device:chr_file rw_file_perms; # Allow storageproxyd access to gsi_public_metadata_file read_fstab(tee) -# storageproxyd starts before /data is mounted. It handles /data not being there -# gracefully. However, attempts to access /data trigger a denial. -dontaudit tee unlabeled:dir { search }; +set_prop(tee, vendor_trusty_storage_prop) diff --git a/whitechapel_pro/ufs_firmware_update.te b/whitechapel_pro/ufs_firmware_update.te new file mode 100644 index 0000000..53ceba5 --- /dev/null +++ b/whitechapel_pro/ufs_firmware_update.te @@ -0,0 +1,10 @@ +type ufs_firmware_update, domain; +type ufs_firmware_update_exec, vendor_file_type, exec_type, file_type; + +init_daemon_domain(ufs_firmware_update) + +allow ufs_firmware_update vendor_toolbox_exec:file execute_no_trans; +allow ufs_firmware_update block_device:dir r_dir_perms; +allow ufs_firmware_update fips_block_device:blk_file rw_file_perms; +allow ufs_firmware_update sysfs:dir r_dir_perms; +allow ufs_firmware_update sysfs_scsi_devices_0000:file r_file_perms; diff --git a/whitechapel_pro/uwb_vendor_app.te b/whitechapel_pro/uwb_vendor_app.te index 364bee3..aa4564e 100644 --- a/whitechapel_pro/uwb_vendor_app.te +++ b/whitechapel_pro/uwb_vendor_app.te 
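Review bot: The new ufs_firmware_update.te grants `rw_file_perms` on `fips_block_device:blk_file` and `r_dir_perms` on the generic `sysfs` label without a comment on either. Raw write access to a block device is the most sensitive rule in the file, so a header comment stating what the updater writes there and when init starts it would let a reviewer judge the grant. If the domain only needs to reach `sysfs_scsi_devices_0000`, `allow ufs_firmware_update sysfs:dir r_dir_perms;` could probably be narrowed to `search`, or to a more specific sysfs type.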
@@ -16,6 +16,10 @@ allow uwb_vendor_app uwb_vendor_data_file:dir create_dir_perms; allow hal_uwb_vendor_default self:global_capability_class_set sys_nice; allow hal_uwb_vendor_default kernel:process setsched; +# UwbVendorService must be able to read USRA version from vendor_secure_element_prop get_prop(uwb_vendor_app, vendor_secure_element_prop) +# UwbVendorService must be able to write country code prop +set_prop(uwb_vendor_app, vendor_uwb_calibration_country_code) + binder_call(uwb_vendor_app, hal_uwb_vendor_default) ') diff --git a/whitechapel_pro/vendor_ims_app.te b/whitechapel_pro/vendor_ims_app.te index 38e6364..ed65eae 100644 --- a/whitechapel_pro/vendor_ims_app.te +++ b/whitechapel_pro/vendor_ims_app.te @@ -1,5 +1,6 @@ type vendor_ims_app, domain; app_domain(vendor_ims_app) +net_domain(vendor_ims_app) allow vendor_ims_app app_api_service:service_manager find; allow vendor_ims_app audioserver_service:service_manager find; @@ -11,6 +12,8 @@ allow vendor_ims_app mediaserver_service:service_manager find; allow vendor_ims_app cameraserver_service:service_manager find; allow vendor_ims_app mediametrics_service:service_manager find; +allow vendor_ims_app self:udp_socket { create_socket_perms_no_ioctl }; + binder_call(vendor_ims_app, rild) set_prop(vendor_ims_app, vendor_rild_prop) set_prop(vendor_ims_app, radio_prop) diff --git a/whitechapel_pro/vendor_init.te b/whitechapel_pro/vendor_init.te index a8626fc..415d7c8 100644 --- a/whitechapel_pro/vendor_init.te +++ b/whitechapel_pro/vendor_init.te @@ -3,8 +3,8 @@ allow vendor_init bootdevice_sysdev:file create_file_perms; set_prop(vendor_init, vendor_ssrdump_prop) set_prop(vendor_init, vendor_carrier_prop) set_prop(vendor_init, vendor_cbd_prop) -set_prop(vendor_init, vendor_ready_prop) get_prop(vendor_init, vendor_battery_profile_prop) +set_prop(vendor_init, vendor_camera_prop) set_prop(vendor_init, vendor_device_prop) set_prop(vendor_init, vendor_modem_prop) set_prop(vendor_init, vendor_usb_config_prop) 
@@ -24,7 +24,23 @@ allow vendor_init sysfs_st33spi:file w_file_perms; # Fingerprint property set_prop(vendor_init, vendor_fingerprint_prop) -# Touch -allow vendor_init proc_touch:file w_file_perms; - allow vendor_init modem_img_file:filesystem { getattr }; + +# Battery +set_prop(vendor_init, vendor_battery_defender_prop) + +# Display +set_prop(vendor_init, vendor_display_prop) + +# MM +allow vendor_init proc_watermark_scale_factor:file w_file_perms; + +# Trusty storage FS ready +get_prop(vendor_init, vendor_trusty_storage_prop) +allow vendor_init tee_data_file:lnk_file read; + +# Mali +set_prop(vendor_init, vendor_arm_runtime_option_prop) + +# ArmNN +set_prop(vendor_init, vendor_armnn_config_prop) diff --git a/whitechapel_pro/vendor_telephony_debug_app.te b/whitechapel_pro/vendor_telephony_debug_app.te index 946460c..539fffc 100644 --- a/whitechapel_pro/vendor_telephony_debug_app.te +++ b/whitechapel_pro/vendor_telephony_debug_app.te @@ -2,3 +2,19 @@ type vendor_telephony_debug_app, domain; app_domain(vendor_telephony_debug_app) allow vendor_telephony_debug_app app_api_service:service_manager find; +allow vendor_telephony_debug_app hal_exynos_rild_hwservice:hwservice_manager find; + +binder_call(vendor_telephony_debug_app, rild) + +# RIL property +set_prop(vendor_telephony_debug_app, vendor_rild_prop) + +# Debug property +set_prop(vendor_telephony_debug_app, vendor_telephony_app_prop) + +userdebug_or_eng(` +# System Debug Mode +dontaudit vendor_telephony_debug_app system_app_data_file:dir create_dir_perms; +dontaudit vendor_telephony_debug_app system_app_data_file:file create_file_perms; +dontaudit vendor_telephony_debug_app default_prop:file r_file_perms; +') diff --git a/whitechapel_pro/vndservice.te b/whitechapel_pro/vndservice.te index d148360..bd59e83 100644 --- a/whitechapel_pro/vndservice.te +++ b/whitechapel_pro/vndservice.te 
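Review bot: In vendor_telephony_debug_app.te the three `dontaudit` rules sit inside `userdebug_or_eng`, which hides the denials on the builds where the audit log is read during development and leaves them logged on user builds. If the aim is to silence expected noise, the gate looks inverted or unnecessary, unless the app ships only on debug builds. Separately, `set_prop(vendor_telephony_debug_app, vendor_rild_prop)`, the `vendor_telephony_app_prop` grant and `binder_call(vendor_telephony_debug_app, rild)` are outside the gate. A debug app could therefore set RIL properties on user builds if it is present there; its seapp_contexts entry is not visible in this diff. Consider moving those rules under `userdebug_or_eng(` … `')` or adding a comment on why production needs them.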
@@ -1,5 +1,3 @@ -type hal_power_stats_vendor_service, vndservice_manager_type; type rls_service, vndservice_manager_type; -type vendor_displaycolor_service, vndservice_manager_type; type vendor_surfaceflinger_vndservice, vndservice_manager_type; type eco_service, vndservice_manager_type; diff --git a/whitechapel_pro/vndservice_contexts b/whitechapel_pro/vndservice_contexts index e7fb433..16ae43a 100644 --- a/whitechapel_pro/vndservice_contexts +++ b/whitechapel_pro/vndservice_contexts @@ -1,4 +1,3 @@ rlsservice u:object_r:rls_service:s0 -displaycolor u:object_r:vendor_displaycolor_service:s0 Exynos.HWCService u:object_r:vendor_surfaceflinger_vndservice:s0 media.ecoservice u:object_r:eco_service:s0 diff --git a/whitechapel_pro/wifi_sniffer.te b/whitechapel_pro/wifi_sniffer.te new file mode 100644 index 0000000..1faffce --- /dev/null +++ b/whitechapel_pro/wifi_sniffer.te @@ -0,0 +1,4 @@ +userdebug_or_eng(` +allow wifi_sniffer sysfs_wifi:dir search; +allow wifi_sniffer sysfs_wifi:file rw_file_perms; +') diff --git a/widevine/file_contexts b/widevine/file_contexts index e152941..92aed3c 100644 --- a/widevine/file_contexts +++ b/widevine/file_contexts @@ -1,5 +1,5 @@ -/vendor/bin/hw/android\.hardware\.drm@1\.4-service\.widevine u:object_r:hal_drm_widevine_exec:s0 -/vendor/bin/hw/android\.hardware\.drm@[0-9]+\.[0-9]+-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 +/vendor/bin/hw/android\.hardware\.drm-service\.widevine u:object_r:hal_drm_widevine_exec:s0 +/vendor/bin/hw/android\.hardware\.drm-service\.clearkey u:object_r:hal_drm_clearkey_exec:s0 # Data -/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 +/data/vendor/mediadrm(/.*)? u:object_r:mediadrm_vendor_data_file:s0 diff --git a/widevine/service_contexts b/widevine/service_contexts new file mode 100644 index 0000000..6989dde --- /dev/null +++ b/widevine/service_contexts @@ -0,0 +1 @@ +android.hardware.drm.IDrmFactory/widevine u:object_r:hal_drm_service:s0 |