author | Linux Build Service Account <lnxbuild@localhost> | 2018-03-25 05:16:31 -0600 |
---|---|---|
committer | Linux Build Service Account <lnxbuild@localhost> | 2018-03-25 05:16:31 -0600 |
commit | 2918ad2d956d598b3da1decfc981d13c8a4992fe (patch) | |
tree | 814a2f57609d76e4083292d4b8556c7072b40a94 | |
parent | 89928158b8d606de485295c48f45d097fa75c181 (diff) | |
parent | f17538977d842e8d1096abc10a4bdf7da01c5dc5 (diff) | |
Merge f17538977d842e8d1096abc10a4bdf7da01c5dc5 on remote branch
Change-Id: I47b8996b7913f264864ecc9c0e69194390b7b01d
-rw-r--r-- | apq8098_latv/file_contexts | 4 | ||||
-rw-r--r-- | common/device.te | 3 | ||||
-rw-r--r-- | common/file.te | 6 | ||||
-rw-r--r-- | common/file_contexts | 11 | ||||
-rw-r--r-- | common/hvdcp.te | 4 | ||||
-rw-r--r-- | common/radio.te | 1 | ||||
-rw-r--r-- | common/spdaemon.te | 3 | ||||
-rw-r--r-- | msm8937/file_contexts | 1 | ||||
-rw-r--r-- | msm8953/file_contexts | 5 | ||||
-rw-r--r-- | msm8953/genfs_contexts | 29 | ||||
-rw-r--r-- | msm8953/init_shell.te | 2 | ||||
-rw-r--r-- | msm8953/mm-qcamerad.te | 3 | ||||
-rw-r--r-- | msm8996/file_contexts | 2 | ||||
-rw-r--r-- | msm8998/file_contexts | 4 | ||||
-rw-r--r-- | private/file_contexts | 1 | ||||
-rw-r--r-- | private/mmi_sys.te | 2 | ||||
-rw-r--r-- | qcs605/file.te | 3 | ||||
-rw-r--r-- | qcs605/file_contexts | 8 | ||||
-rw-r--r-- | qcs605/property_contexts | 1 | ||||
-rw-r--r-- | qcs605/qmmf-servd.te | 2 | ||||
-rw-r--r-- | qcs605/qmmf-webserverd.te | 59 | ||||
-rw-r--r-- | sdm660/file_contexts | 2 | ||||
-rw-r--r-- | sdm670/file_contexts | 2 | ||||
-rw-r--r-- | sdm845/file_contexts | 1 |
24 files changed, 135 insertions, 24 deletions
diff --git a/apq8098_latv/file_contexts b/apq8098_latv/file_contexts index 3568088a..583cd2d6 100644 --- a/apq8098_latv/file_contexts +++ b/apq8098_latv/file_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved. +# Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -72,6 +72,7 @@ /dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 @@ -105,7 +106,6 @@ # /sys/devices/soc/75ba000.i2c/i2c-12/12-0020/input/input[0-9]/secure_touch_enable u:object_r:sysfs_securetouch:s0 /sys/devices/virtual/graphics/fb([0-3])+/lineptr_value u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_persist_mode u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb([0-3])+/cec/enable u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb([0-3])+/cec/enable_compliance u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb([0-3])+/cec/logical_addr u:object_r:sysfs_graphics:s0 diff --git a/common/device.te b/common/device.te index f4dea16d..1d919f78 100644 --- a/common/device.te +++ b/common/device.te @@ -100,6 +100,9 @@ type sec_nvm_device, dev_type; # Define cryptoapp device type cryptoapp_device, dev_type; +# Define spdaemon_ssr device +type spdaemon_ssr_device, dev_type; + # Define qsee_ipc_irq_spss device type qsee_ipc_irq_spss_device, dev_type; 
diff --git a/common/file.te b/common/file.te index 994cc040..2f1895c3 100644 --- a/common/file.te +++ b/common/file.te @@ -85,12 +85,6 @@ type sysfs_usb_mtp_device, sysfs_type, fs_type; # sysfs module for usb_f_mtp/parameters type sysfs_spmi_device, sysfs_type, fs_type; -# sysfs devices for enable -type sysfs_dcc_device, sysfs_type, fs_type; - -# sysfs devices for video4linux -type sysfs_video4linux_device, sysfs_type, fs_type; - # sysfs vadc device for hvdcp/quickcharge type sysfs_vadc_dev, sysfs_type, fs_type; # sysfs spmi device for hvdcp/quickcharge diff --git a/common/file_contexts b/common/file_contexts index 1f727100..6cb0cf4a 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -23,6 +23,7 @@ /dev/sec_nvm_.* u:object_r:sec_nvm_device:s0 /dev/sp_keymaster u:object_r:sp_keymaster_device:s0 /dev/cryptoapp u:object_r:cryptoapp_device:s0 +/dev/spdaemon_ssr u:object_r:spdaemon_ssr_device:s0 /dev/qsee_ipc_irq_spss u:object_r:qsee_ipc_irq_spss_device:s0 /dev/radio0 u:object_r:fm_radio_device:s0 /dev/btpower u:object_r:bt_device:s0 
@@ -331,15 +332,18 @@ /sys/devices/f9200000.*/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 /sys/devices/msm_dwc3/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 /sys/devices/msm_otg/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 -/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb2/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 -/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb2/power_supply/pc_port(/.*)? u:object_r:sysfs_usb_supply:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb[0-9]+/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb[0-9]+/power_supply/pc_port(/.*)? u:object_r:sysfs_usb_supply:s0 /sys/devices(/platform)?/soc/[a-z0-9]+.i2c/i2c-[0-9]+/[0-9]+-[a-z0-9]+/[a-z0-9]+.i2c:qcom,[a-z0-9]+@[a-z0-9]:qcom,smb[0-9]+-charger@[0-9]+/power_supply/parallel(/.*)? u:object_r:sysfs_usb_supply:s0 /sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,usb-pdphy@[0-9]+/usbpd/usbpd[0-9](/.*)? u:object_r:sysfs_usbpd_device:s0 /sys/devices/platform/battery_current_limit u:object_r:sysfs_thermal:s0 /sys/devices/qpnp-charger.*/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0 -/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb2/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smb[0-9]+/power_supply/battery(/.*)? 
u:object_r:sysfs_battery_supply:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qcom,qpnp-smbcharger/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0 /sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qpnp,fg/power_supply/bms(/.*)? u:object_r:sysfs_battery_supply:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,spmi/spmi-[0-9]/spmi0-0[0-9]/[a-z0-9]+.qcom,spmi:qcom,[a-z0-9]+@[0-9]:qpnp,qg/power_supply/bms(/.*)? u:object_r:sysfs_battery_supply:s0 /sys/class/qcom-battery(/.*)? u:object_r:sysfs_battery_supply:s0 +/sys/class/charge_pump(/.*)? u:object_r:sysfs_battery_supply:s0 /sys/devices(/platform)?/soc/qpnp-linear-charger-[a-z0-9]+/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0 /sys/devices(/platform)?/soc/qpnp-vm-bms-[a-z0-9]+/power_supply/bms(/.*)? u:object_r:sysfs_battery_supply:s0 /sys/devices/soc/qpnp-smbcharger-[a-z0-9]+/power_supply/battery(/.*)? u:object_r:sysfs_battery_supply:s0 @@ -404,6 +408,7 @@ /sys/devices/virtual/graphics/fb([0-3])+/dyn_pu u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb([0-3])+/ad u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb([0-3])+/pp_bl_event u:object_r:sysfs_graphics:s0 +/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_persist_mode u:object_r:sysfs_graphics:s0 /sys/devices/virtual/rotator/mdss_rotator/caps u:object_r:sysfs_graphics:s0 /sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/modes u:object_r:sysfs_graphics:s0 diff --git a/common/hvdcp.te b/common/hvdcp.te index e176c9da..fc9759b7 100644 --- a/common/hvdcp.te +++ b/common/hvdcp.te 
@@ -7,13 +7,13 @@ init_daemon_domain(hvdcp) # Add rules for access permissions allow hvdcp hvdcp_device:chr_file rw_file_perms; +allow hvdcp qg_device:chr_file rw_file_perms; allow hvdcp { sysfs_battery_supply sysfs_usb_supply sysfs_usbpd_device sysfs_vadc_dev sysfs_spmi_dev - qg_device }:dir r_dir_perms; allow hvdcp { @@ -22,7 +22,6 @@ allow hvdcp { sysfs_usbpd_device sysfs_vadc_dev sysfs_spmi_dev - qg_device }:file rw_file_perms; allow hvdcp { @@ -30,7 +29,6 @@ allow hvdcp { sysfs_usb_supply sysfs_vadc_dev sysfs_spmi_dev - qg_device }:lnk_file r_file_perms; allow hvdcp self:capability { setgid setuid }; diff --git a/common/radio.te b/common/radio.te index acb7d814..1bee9d68 100644 --- a/common/radio.te +++ b/common/radio.te @@ -17,3 +17,4 @@ userdebug_or_eng(` allow radio hal_imsrcsd_hwservice:hwservice_manager find; binder_call(radio, hal_rcsservice) ') +hal_client_domain(radio, hal_perf) diff --git a/common/spdaemon.te b/common/spdaemon.te index fc018343..30292bfa 100644 --- a/common/spdaemon.te +++ b/common/spdaemon.te @@ -47,6 +47,9 @@ allow spdaemon sp_keymaster_device:chr_file rw_file_perms; # Allow access to cryptoapp device allow spdaemon cryptoapp_device:chr_file rw_file_perms; +# Allow access to spdaemon_ssr device +allow spdaemon spdaemon_ssr_device:chr_file rw_file_perms; + # Allow access to ion device allow spdaemon ion_device:chr_file rw_file_perms; diff --git a/msm8937/file_contexts b/msm8937/file_contexts index d119cf96..cb9a2e8f 100644 --- a/msm8937/file_contexts +++ b/msm8937/file_contexts 
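Review bot: In the common/radio.te hunk, `hal_client_domain(radio, hal_perf)` is appended after the closing `')` of the `userdebug_or_eng` block, so it applies to user builds as well, and it has neither a comment nor a separating blank line. If that scope is intended, say so on the line above, e.g. `# Allow radio to use the perf HAL on all build variants`. If it was meant for debug builds only, it belongs inside the block, whose opening line is outside the hunk.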
@@ -82,6 +82,7 @@ /dev/block/platform/soc/7824900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/sbl1_[ab] u:object_r:xbl_block_device:s0 diff --git a/msm8953/file_contexts b/msm8953/file_contexts index a9c0142a..32cef739 100644 --- a/msm8953/file_contexts +++ b/msm8953/file_contexts @@ -56,10 +56,6 @@ /sys/devices/platform/soc/200f000\.qcom,spmi/spmi-0/spmi0-03/200f000\.qcom,spmi:qcom,pmi8950@3:qcom,haptic@c000/leds/vibrator/activate u:object_r:sysfs_spmi_device:s0 /sys/devices/platform/soc/200f000.qcom,spmi/spmi-0/spmi0-03/200f000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator/activate u:object_r:sysfs_spmi_device:s0 -/sys/devices/platform/soc/b3000.dcc(/.*)? u:object_r:sysfs_dcc_device:s0 - -#video4linux_ -/sys/devices/platform/soc/1b00000.qcom,msm-cam/video4linux/video0/name u:object_r:sysfs_video4linux_device:s0 ############################################################################################ #Same hal process libs @@ -87,5 +83,6 @@ /dev/block/platform/soc/7824900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/sbl1_[ab] u:object_r:xbl_block_device:s0 
diff --git a/msm8953/genfs_contexts b/msm8953/genfs_contexts
new file mode 100644
index 00000000..a6df7878
--- /dev/null
+++ b/msm8953/genfs_contexts
@@ -0,0 +1,29 @@
+# Copyright (c) 2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+genfscon sysfs /devices/platform/soc/1b00000.qcom,msm-cam/video4linux/video0/name u:object_r:sysfs_graphics:s0
+
diff --git a/msm8953/init_shell.te b/msm8953/init_shell.te
index 2a2bef12..d448c248 100644
--- a/msm8953/init_shell.te
+++ b/msm8953/init_shell.te
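Review bot: Labelling the camera's `video4linux/video0/name` node as `sysfs_graphics` in the new genfs_contexts entry goes together with the later msm8953/mm-qcamerad.te hunk, which widens `allow mm-qcamerad sysfs_graphics:file` from `r_file_perms` to `rw_file_perms`. That gives the camera daemon write access to every node carrying that label (the framebuffer and CEC controls listed in the file_contexts hunks among them), not just this one V4L node. The removed `sysfs_video4linux_device` type kept the write grant scoped to a single file. Consider keeping a dedicated type here, `genfscon sysfs /devices/platform/soc/1b00000.qcom,msm-cam/video4linux/video0/name u:object_r:sysfs_video4linux_device:s0`, and leaving `allow mm-qcamerad sysfs_graphics:file r_file_perms;` as it was. If writing to `name` is not actually required, `r_file_perms` on the dedicated type would be tighter still.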
@@ -36,5 +36,3 @@ allow qti_init_shell { allow qti_init_shell regionalization_file:dir r_dir_perms; allow qti_init_shell regionalization_file:file create_file_perms; -# For dcc -allow qti_init_shell sysfs_dcc_device:file rw_file_perms; diff --git a/msm8953/mm-qcamerad.te b/msm8953/mm-qcamerad.te index 5ed285a5..354b6133 100644 --- a/msm8953/mm-qcamerad.te +++ b/msm8953/mm-qcamerad.te @@ -26,5 +26,4 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #for v4L node "name" access -allow mm-qcamerad sysfs_graphics:file r_file_perms; -allow mm-qcamerad sysfs_video4linux_device:file rw_file_perms; +allow mm-qcamerad sysfs_graphics:file rw_file_perms; diff --git a/msm8996/file_contexts b/msm8996/file_contexts index 591522aa..dd470338 100644 --- a/msm8996/file_contexts +++ b/msm8996/file_contexts @@ -132,6 +132,7 @@ /dev/block/platform/soc/7464900.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7464900.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 @@ -151,6 +152,7 @@ /dev/block/platform/soc/624000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/624000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 
diff --git a/msm8998/file_contexts b/msm8998/file_contexts index 713ae22c..d8a7e66c 100644 --- a/msm8998/file_contexts +++ b/msm8998/file_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2016-2017, The Linux Foundation. All rights reserved. +# Copyright (c) 2016-2018, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -70,6 +70,7 @@ /dev/block/platform/soc/1da4000.ufshc/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1da4000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 @@ -91,4 +92,3 @@ # /sys/devices/soc/75ba000.i2c/i2c-12/12-0020/input/input[0-9]/secure_touch_enable u:object_r:sysfs_securetouch:s0 /sys/devices/virtual/graphics/fb([0-3])+/lineptr_value u:object_r:sysfs_graphics:s0 -/sys/devices/virtual/graphics/fb([0-3])+/msm_fb_persist_mode u:object_r:sysfs_graphics:s0 diff --git a/private/file_contexts b/private/file_contexts index 85d9c860..129bf5c6 100644 --- a/private/file_contexts +++ b/private/file_contexts @@ -48,6 +48,7 @@ /system/bin/qvrservice u:object_r:qvrd_exec:s0 /system/bin/wfdservice u:object_r:wfdservice_exec:s0 /system/bin/mmi u:object_r:mmi_sys_exec:s0 +/system/bin/mmi_diag u:object_r:mmi_sys_exec:s0 ####### data files ################ /data/misc/seemp(/.*)? u:object_r:seemp_data_file:s0 diff --git a/private/mmi_sys.te b/private/mmi_sys.te index 790d1125..11bda28c 100644 --- a/private/mmi_sys.te +++ b/private/mmi_sys.te 
@@ -40,3 +40,5 @@ allow mmi_sys ion_device:chr_file { ioctl open }; allow mmi_sys surfaceflinger_service:service_manager find; allow mmi_sys hal_graphics_mapper_hwservice:hwservice_manager find; hwbinder_use(mmi_sys) +get_prop(mmi_sys, hwservicemanager_prop); +allow mmi_sys mmi_sys_exec:file execute_no_trans; diff --git a/qcs605/file.te b/qcs605/file.te index c403cfec..ed9efc58 100644 --- a/qcs605/file.te +++ b/qcs605/file.te @@ -27,3 +27,6 @@ # qmmf data file type qmmf_data_file, file_type, data_file_type; + +# vam data file +type qmmf_vam_data_file, file_type, data_file_type; diff --git a/qcs605/file_contexts b/qcs605/file_contexts index 40b3d162..4b5315c8 100644 --- a/qcs605/file_contexts +++ b/qcs605/file_contexts @@ -48,6 +48,7 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/frp u:object_r:frp_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/mdtp u:object_r:mdtp_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/storsec u:object_r:boot_block_device:s0 #rawdump partition /dev/block/platform/soc/1d84000.ufshc/by-name/rawdump u:object_r:rawdump_block_device:s0 @@ -78,6 +79,8 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #for eMMC # A/B partitions. 
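Review bot: `allow mmi_sys mmi_sys_exec:file execute_no_trans;` in the private/mmi_sys.te hunk, together with the private/file_contexts hunk that labels `/system/bin/mmi_diag` as `mmi_sys_exec`, means mmi_diag runs with the full mmi_sys rule set whenever it is exec'd from that domain, and presumably also when started directly, if `mmi_sys_exec` is the domain's entrypoint type (that declaration is outside the hunk). If mmi_diag needs only a subset of those permissions, a separate exec type and domain would keep it confined; otherwise record the intent with a comment such as `# mmi execs mmi_diag in its own domain; both binaries share mmi_sys_exec`. The trailing `;` after `get_prop(mmi_sys, hwservicemanager_prop)` is not needed on a macro call and is inconsistent with `hwbinder_use(mmi_sys)` on the line above.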
@@ -106,6 +109,8 @@ /dev/block/platform/soc/7c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #non A/B /dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0 @@ -125,6 +130,7 @@ /dev/block/platform/soc/7c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/storsec u:object_r:boot_block_device:s0 #rawdump partition /dev/block/platform/soc/7c4000.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0 @@ -151,6 +157,8 @@ # qmmf server /(vendor|system/vendor)/bin/qmmf-server u:object_r:qmmf-servd_exec:s0 +/(vendor|system/vendor)/bin/qmmf-webserver-zygote u:object_r:qmmf-webserverd_exec:s0 # qmmf data files /data/misc/qmmf(/.*)? u:object_r:qmmf_data_file:s0 +/data/misc/vam(/.*)? u:object_r:qmmf_vam_data_file:s0 diff --git a/qcs605/property_contexts b/qcs605/property_contexts index 057446f0..4faa3e08 100644 --- a/qcs605/property_contexts +++ b/qcs605/property_contexts @@ -27,3 +27,4 @@ qmmf. u:object_r:qmmf_prop:s0 persist.qmmf. u:object_r:qmmf_prop:s0 +vam. u:object_r:qmmf_prop:s0 diff --git a/qcs605/qmmf-servd.te b/qcs605/qmmf-servd.te index 080d528b..6dda04a4 100644 --- a/qcs605/qmmf-servd.te +++ b/qcs605/qmmf-servd.te 
@@ -76,3 +76,5 @@ allow qmmf-servd ion_device:chr_file r_file_perms;
 hal_client_domain(qmmf-servd, hal_graphics_allocator)
 hal_client_domain(qmmf-servd, hal_configstore)
 r_dir_file(qmmf-servd, oemfs)
+
+binder_call(qmmf-servd, qmmf-webserverd)
diff --git a/qcs605/qmmf-webserverd.te b/qcs605/qmmf-webserverd.te
new file mode 100644
index 00000000..fc99edb2
--- /dev/null
+++ b/qcs605/qmmf-webserverd.te
@@ -0,0 +1,59 @@
+# Copyright (c) 2017-2018, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ +type qmmf-webserverd, domain; +type qmmf-webserverd_exec, exec_type, vendor_file_type, file_type; +init_daemon_domain(qmmf-webserverd) + +net_domain(qmmf-webserverd) + +vndbinder_use(qmmf-webserverd); +binder_call(qmmf-webserverd, qmmf-servd) + +allow qmmf-webserverd { qmmf_system_service + qmmf_recorder_service + qmmf_audio_service + qmmf_player_service + qmmf_display_service + }:service_manager find; + +allow qmmf-webserverd ion_device:chr_file r_file_perms; +allow qmmf-webserverd proc_net:file r_file_perms; + +allow qmmf-webserverd qmmf_vam_data_file:dir create_dir_perms; +allow qmmf-webserverd qmmf_vam_data_file:file create_file_perms; + +allow qmmf-webserverd qmmf_data_file:dir rw_dir_perms; +allow qmmf-webserverd qmmf_data_file:file create_file_perms; + +allow qmmf-webserverd camera_data_file:dir w_dir_perms; +allow qmmf-webserverd camera_data_file:file create_file_perms; + +set_prop(qmmf-webserverd, qmmf_prop) + +r_dir_file(qmmf-webserverd, input_device); +allow qmmf-webserverd input_device:chr_file r_file_perms; diff --git a/sdm660/file_contexts b/sdm660/file_contexts index 042bf6e0..f0972327 100644 --- a/sdm660/file_contexts +++ b/sdm660/file_contexts @@ -107,6 +107,7 @@ /dev/block/platform/soc/c0c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/c0c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/c0c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 
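Review bot: The new qmmf-webserverd domain combines `net_domain(qmmf-webserverd)` with read access to raw input devices (`r_dir_file(qmmf-webserverd, input_device);` and `allow qmmf-webserverd input_device:chr_file r_file_perms;`), so a process with network access can read input events from the device, and nothing in the file says why a web server needs that. The same domain also gets `create_file_perms` on `camera_data_file`, `qmmf_data_file` and `qmmf_vam_data_file`, plus `set_prop(qmmf-webserverd, qmmf_prop)`, which now also covers the `vam.` prefix added in qcs605/property_contexts. I would drop the two input_device rules unless a concrete denial justifies them, and add a one-line comment above each rule group naming the feature that requires it. The `;` after `vndbinder_use(qmmf-webserverd)` and `r_dir_file(qmmf-webserverd, input_device)` is stray punctuation on macro calls.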
@@ -129,6 +130,7 @@ /dev/block/platform/soc/1da4000.ufshc/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/system_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1da4000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/vendor_[ab] u:object_r:system_block_device:s0 /dev/block/platform/soc/1da4000.ufshc/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 diff --git a/sdm670/file_contexts b/sdm670/file_contexts index af38f8bc..ade87276 100644 --- a/sdm670/file_contexts +++ b/sdm670/file_contexts @@ -80,6 +80,7 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #for eMMC # A/B partitions. @@ -109,6 +110,7 @@ /dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/7c4000.sdhci/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 #non A/B /dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0 diff --git a/sdm845/file_contexts b/sdm845/file_contexts index 256c53c9..f597ab87 100644 --- a/sdm845/file_contexts +++ b/sdm845/file_contexts 
@@ -76,6 +76,7 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/storsec_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/1d84000.ufshc/by-name/ImageFv_[ab] u:object_r:custom_ab_block_device:s0 # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1d84000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 |