diff options
| author | Michael Bestas <mkbestas@lineageos.org> | 2018-04-05 15:11:49 +0300 |
|---|---|---|
| committer | Michael Bestas <mkbestas@lineageos.org> | 2018-04-05 15:11:49 +0300 |
| commit | 0191dee2d147ba8bc81e4bd5d380e381255b1764 (patch) | |
| tree | 297d8de7a8d3c65562c0afc5d98085a2b307aa11 | |
| parent | 0a4b927445c6ff366c742880a4252c32e5fc452e (diff) | |
| parent | 2918ad2d956d598b3da1decfc981d13c8a4992fe (diff) | |
| download | android_device_qcom_sepolicy-0191dee2d147ba8bc81e4bd5d380e381255b1764.tar.gz android_device_qcom_sepolicy-0191dee2d147ba8bc81e4bd5d380e381255b1764.tar.bz2 android_device_qcom_sepolicy-0191dee2d147ba8bc81e4bd5d380e381255b1764.zip | |
Merge tag 'LA.UM.6.6.r1-07200-89xx.0' of https://source.codeaurora.org/quic/la/device/qcom/sepolicy into HEAD
"LA.UM.6.6.r1-07200-89xx.0"
| -rw-r--r-- | apq8098_latv/file_contexts | 1 | ||||
| -rw-r--r-- | msm8937/file_contexts | 1 | ||||
| -rw-r--r-- | msm8953/file_contexts | 1 | ||||
| -rw-r--r-- | msm8996/file_contexts | 2 | ||||
| -rw-r--r-- | msm8998/file_contexts | 1 | ||||
| -rw-r--r-- | qcs605/file.te | 3 | ||||
| -rw-r--r-- | qcs605/file_contexts | 4 | ||||
| -rw-r--r-- | qcs605/property_contexts | 1 | ||||
| -rw-r--r-- | qcs605/qmmf-servd.te | 2 | ||||
| -rw-r--r-- | qcs605/qmmf-webserverd.te | 59 | ||||
| -rw-r--r-- | sdm660/file_contexts | 2 | ||||
| -rw-r--r-- | sdm670/file_contexts | 2 | ||||
| -rw-r--r-- | sdm845/file_contexts | 1 |
13 files changed, 80 insertions, 0 deletions
diff --git a/apq8098_latv/file_contexts b/apq8098_latv/file_contexts index 7824445d..e36f848f 100644 --- a/apq8098_latv/file_contexts +++ b/apq8098_latv/file_contexts @@ -72,6 +72,7 @@ /dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 diff --git a/msm8937/file_contexts b/msm8937/file_contexts index 580119ca..b8962180 100644 --- a/msm8937/file_contexts +++ b/msm8937/file_contexts @@ -82,6 +82,7 @@ /dev/block/platform/soc/7824900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/sbl1_[ab] u:object_r:xbl_block_device:s0 diff --git a/msm8953/file_contexts b/msm8953/file_contexts index c6f61199..80eb0d31 100644 --- a/msm8953/file_contexts +++ b/msm8953/file_contexts @@ -83,5 +83,6 @@ /dev/block/platform/soc/7824900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/sbl1_[ab] u:object_r:xbl_block_device:s0 diff --git a/msm8996/file_contexts b/msm8996/file_contexts index f7b8f40b..cff79328 100644 --- a/msm8996/file_contexts +++ b/msm8996/file_contexts @@ -132,6 +132,7 @@ /dev/block/platform/soc/7464900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7464900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 @@ -151,6 +152,7 @@ /dev/block/platform/soc/624000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/624000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 diff --git a/msm8998/file_contexts b/msm8998/file_contexts index c113a168..9dc95fa2 100644 --- a/msm8998/file_contexts +++ b/msm8998/file_contexts @@ -74,6 +74,7 @@ /dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 diff --git a/qcs605/file.te b/qcs605/file.te index c403cfec..ed9efc58 100644 --- a/qcs605/file.te +++ b/qcs605/file.te @@ -27,3 +27,6 @@ # qmmf data file type qmmf_data_file, file_type, data_file_type; + +# vam data file +type qmmf_vam_data_file, file_type, data_file_type; diff --git a/qcs605/file_contexts b/qcs605/file_contexts index 2ecfe880..4b5315c8 100644 --- a/qcs605/file_contexts +++ b/qcs605/file_contexts @@ -80,6 +80,7 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #for eMMC # A/B partitions. @@ -109,6 +110,7 @@ /dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #non A/B /dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0 @@ -155,6 +157,8 @@ # qmmf server /(vendor|system/vendor)/bin/qmmf-server u:object_r:qmmf-servd_exec:s0 +/(vendor|system/vendor)/bin/qmmf-webserver-zygote u:object_r:qmmf-webserverd_exec:s0 # qmmf data files /data/misc/qmmf(/.*)? u:object_r:qmmf_data_file:s0 +/data/misc/vam(/.*)? u:object_r:qmmf_vam_data_file:s0 diff --git a/qcs605/property_contexts b/qcs605/property_contexts index 057446f0..4faa3e08 100644 --- a/qcs605/property_contexts +++ b/qcs605/property_contexts @@ -27,3 +27,4 @@ qmmf. u:object_r:qmmf_prop:s0 persist.qmmf. u:object_r:qmmf_prop:s0 +vam. u:object_r:qmmf_prop:s0 diff --git a/qcs605/qmmf-servd.te b/qcs605/qmmf-servd.te index 080d528b..6dda04a4 100644 --- a/qcs605/qmmf-servd.te +++ b/qcs605/qmmf-servd.te @@ -76,3 +76,5 @@ allow qmmf-servd ion_device:chr_file r_file_perms; hal_client_domain(qmmf-servd, hal_graphics_allocator) hal_client_domain(qmmf-servd, hal_configstore) r_dir_file(qmmf-servd, oemfs) + +binder_call(qmmf-servd, qmmf-webserverd) diff --git a/qcs605/qmmf-webserverd.te b/qcs605/qmmf-webserverd.te new file mode 100644 index 00000000..fc99edb2 --- /dev/null +++ b/qcs605/qmmf-webserverd.te @@ -0,0 +1,59 @@ +# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +type qmmf-webserverd, domain; +type qmmf-webserverd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(qmmf-webserverd) + +net_domain(qmmf-webserverd) + +vndbinder_use(qmmf-webserverd); +binder_call(qmmf-webserverd, qmmf-servd) + +allow qmmf-webserverd { qmmf_system_service + qmmf_recorder_service + qmmf_audio_service + qmmf_player_service + qmmf_display_service + }:service_manager find; + +allow qmmf-webserverd ion_device:chr_file r_file_perms; +allow qmmf-webserverd proc_net:file r_file_perms; + +allow qmmf-webserverd qmmf_vam_data_file:dir create_dir_perms; +allow qmmf-webserverd qmmf_vam_data_file:file create_file_perms; + +allow qmmf-webserverd qmmf_data_file:dir rw_dir_perms; +allow qmmf-webserverd qmmf_data_file:file create_file_perms; + +allow qmmf-webserverd camera_data_file:dir w_dir_perms; +allow qmmf-webserverd camera_data_file:file create_file_perms; + +set_prop(qmmf-webserverd, qmmf_prop) + +r_dir_file(qmmf-webserverd, input_device); +allow qmmf-webserverd input_device:chr_file r_file_perms; diff --git a/sdm660/file_contexts b/sdm660/file_contexts index dec0949d..b38c436b 100644 --- a/sdm660/file_contexts +++ b/sdm660/file_contexts @@ -107,6 +107,7 @@ /dev/block/platform/soc/c0c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 @@ -129,6 +130,7 @@ /dev/block/platform/soc/1da4000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 diff --git a/sdm670/file_contexts b/sdm670/file_contexts index 38bf6663..9c12c02e 100644 --- a/sdm670/file_contexts +++ b/sdm670/file_contexts @@ -80,6 +80,7 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #for eMMC # A/B partitions. @@ -109,6 +110,7 @@ /dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #non A/B /dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0 diff --git a/sdm845/file_contexts b/sdm845/file_contexts index 020f4da6..4cceacb7 100644 --- a/sdm845/file_contexts +++ b/sdm845/file_contexts @@ -76,6 +76,7 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1d84000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 |