author | Jessica Wagantall <jwagantall@cyngn.com> | 2016-01-28 12:56:08 -0800 |
---|---|---|
committer | Jessica Wagantall <jwagantall@cyngn.com> | 2016-01-28 12:58:58 -0800 |
commit | a26d342dae9438bc3145e733116934ff8761cf74 (patch) | |
tree | 65630d678890729fadf46c4df0c81cb469af2fcb | |
parent | 134a630642fcdd6338d9fc1f0bff81e9065c9e31 (diff) | |
parent | 017145b530053b8972adfa7a6e4f1837a4430587 (diff) | |
Merge remote-tracking branch 'remotes/github/cm-13.0' into HEAD
RM-213
Change-Id: I773d69293304b12cc5f9b1d30145cb9165f7aaab
44 files changed, 445 insertions, 14 deletions
diff --git a/common/device.te b/common/device.te index 97df8a70..4778a3b4 100644 --- a/common/device.te +++ b/common/device.te @@ -8,6 +8,9 @@ type hsic_device, dev_type; #Define the mhi device type mhi_device, dev_type; +#Define the bhi device +type bhi_device, dev_type; + #device type for smd device nodes, ie /dev/smd* type smd_device, dev_type; diff --git a/common/dpmservice_app.te b/common/dpmservice_app.te index 6dc8748b..47f23bc0 100644 --- a/common/dpmservice_app.te +++ b/common/dpmservice_app.te @@ -42,3 +42,9 @@ allow dpmservice_app system_api_service:service_manager find; #allow dpmservice to search mediaserver and radio service. allow dpmservice_app mediaserver_service:service_manager find; allow dpmservice_app radio_service:service_manager find; + +#don't audit /proc/<pid>/stat denials +dontaudit dpmservice_app domain:dir r_dir_perms; + +#allow dpmservice to get running time for apps +r_dir_file(dpmservice_app, appdomain) diff --git a/common/file.te b/common/file.te index 41deb7fe..4c1469b7 100644 --- a/common/file.te +++ b/common/file.te @@ -171,3 +171,6 @@ type ssr_ramdump_data_file, file_type, data_file_type; # qtitetherservice files type qtitetherservice_app_data_file, file_type, data_file_type; + +# Boot KPI Marker files +type sys_bootkpi, sysfs_type, file_type; diff --git a/common/file_contexts b/common/file_contexts index 462c484f..1f01146e 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -7,6 +7,7 @@ /dev/hsicctl.* u:object_r:hsic_device:s0 /dev/kgsl-3d0 u:object_r:gpu_device:s0 /dev/mhi_pipe_.* u:object_r:mhi_device:s0 +/dev/bhi u:object_r:bhi_device:s0 /dev/msm_.* u:object_r:audio_device:s0 /dev/usf1 u:object_r:usf_device:s0 /dev/msm_dsps u:object_r:sensors_device:s0 diff --git a/common/genfs_contexts b/common/genfs_contexts index f92adbdb..c3d58b54 100755 --- a/common/genfs_contexts +++ b/common/genfs_contexts 
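Review bot: In common/dpmservice_app.te, `r_dir_file(dpmservice_app, appdomain)` grants read on every file and symlink under /proc/<pid> for every app domain, although the comment only asks for app running time. Files under /proc/<pid> all carry the process label, so the rule cannot be narrowed to one file; the comment should say so, for example `# grants read of all /proc/<pid> entries of appdomain processes; only stat is consumed`. The `dontaudit dpmservice_app domain:dir r_dir_perms;` line above it also silences denials for every non-app domain, which removes the log evidence a reviewer would use to spot unexpected /proc probing by this app.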
@@ -1,2 +1,3 @@ genfscon proc /asound/card0/state u:object_r:proc_audiod:s0 genfscon proc /proc/sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0 +genfscon sys /sys/bootkpi/marker_entry u:object_r:sys_bootkpi:s0 diff --git a/common/hostapd.te b/common/hostapd.te index 09a24c21..a6272509 100644 --- a/common/hostapd.te +++ b/common/hostapd.te @@ -42,3 +42,4 @@ allow hostapd cnd:{ allow hostapd cnd:fifo_file r_file_perms; allow hostapd smem_log_device:chr_file rw_file_perms; allow hostapd fstman:unix_dgram_socket sendto; +unix_socket_send(hostapd, wpa, netd) diff --git a/common/init_shell.te b/common/init_shell.te index 70abe0b0..36e18462 100644 --- a/common/init_shell.te +++ b/common/init_shell.te @@ -11,6 +11,8 @@ allow qti_init_shell rootfs:file entrypoint; # this is needed for dynamic_fps and bw_mode_bitmap allow qti_init_shell sysfs_graphics:file {rw_file_perms setattr}; allow qti_init_shell sysfs:file setattr; +#For chown on scaling_min/scaling_max nodes. +allow qti_init_shell sysfs_devices_system_cpu:file setattr; allow qti_init_shell persist_file:dir w_dir_perms; allow qti_init_shell persist_file:file create_file_perms; @@ -25,6 +27,9 @@ allow qti_init_shell fm_radio_device:chr_file r_file_perms; #give permission to read/write fm dir for calibration file allow qti_init_shell fm_data_file: dir rw_dir_perms; +#allow shell to access /dev/vm_bms +allow qti_init_shell vm_bms_device:chr_file getattr; + # create/open, read/write permission for fm calibration file. allow qti_init_shell fm_data_file: file create_file_perms; @@ -73,10 +78,15 @@ allow qti_init_shell { fm_prop usf_prop qemu_hw_mainkeys_prop + alarm_boot_prop + boot_animation_prop # Needed for starting console in userdebug mode userdebug_or_eng(`ctl_console_prop coresight_prop') rmnet_mux_prop ctl_hbtp_prop + #Needed for starting vm_bms executable post-boot + vm_bms_prop + radio_noril_prop }:property_service set; allow qti_init_shell efs_boot_dev:blk_file r_file_perms; 
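Review bot: The added `genfscon sys /sys/bootkpi/marker_entry u:object_r:sys_bootkpi:s0` line in common/genfs_contexts probably never matches, because genfscon takes the filesystem type name (`sysfs`) and a path relative to that filesystem's root. I would expect `genfscon sysfs /bootkpi/marker_entry u:object_r:sys_bootkpi:s0`; the context line `genfscon proc /proc/sys/vm/dirty_ratio` has the same path form and is worth checking separately. msm8960/file_contexts in this commit labels the same node, which only takes effect if something runs restorecon on it, so a comment should state which of the two mechanisms is meant to apply.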
diff --git a/common/location.te b/common/location.te index 805130c3..aa0c8e61 100644 --- a/common/location.te +++ b/common/location.te @@ -13,7 +13,7 @@ qmux_socket(location) binder_use(location) binder_call(location, system_server) -allow location location_data_file:dir rw_dir_perms; +allow location location_data_file:dir create_dir_perms; allow location location_data_file:{ file fifo_file } create_file_perms; allow location location_data_file:sock_file write; allow location location_exec:file x_file_perms; @@ -49,3 +49,6 @@ allow location persist_file:dir r_dir_perms; #Allow access to netmgrd socket netmgr_socket(location); + +#Allow access to properties +set_prop(location, location_prop); diff --git a/common/location_app.te b/common/location_app.te index a2ef5690..3c8f5d6a 100644 --- a/common/location_app.te +++ b/common/location_app.te @@ -6,10 +6,11 @@ qmux_socket(location_app) #Permissions for JDWP userdebug_or_eng(` + net_domain(location_app) allow location_app { adbd su }:unix_stream_socket connectto; - allow location_app surfaceflinger_service:service_manager find; ') +allow location_app surfaceflinger_service:service_manager find; allow location_app location_app_data_file:dir create_dir_perms; allow location_app location_app_data_file:file create_file_perms ; allow location_app location_data_file:dir rw_dir_perms; diff --git a/common/mdm_helper.te b/common/mdm_helper.te index 61c9a22d..d0c4b205 100644 --- a/common/mdm_helper.te +++ b/common/mdm_helper.te @@ -48,3 +48,7 @@ r_dir_file(mdm_helper, firmware_file) #Needed in order to collect ramdumps allow mdm_helper tombstone_data_file:dir create_dir_perms; allow mdm_helper tombstone_data_file:file create_file_perms; + +#Needed to allow boot over PCIe +allow mdm_helper bhi_device:chr_file rw_file_perms; +allow mdm_helper mhi_device:chr_file rw_file_perms; diff --git a/common/mediaserver.te b/common/mediaserver.te index 10d43afd..442edc4a 100644 --- a/common/mediaserver.te +++ b/common/mediaserver.te 
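Review bot: `allow location_app surfaceflinger_service:service_manager find;` in common/location_app.te now sits outside `userdebug_or_eng`, so it ships on user builds, yet the only comment near it is still `#Permissions for JDWP`. Add a comment above the moved rule naming the production feature that needs the SurfaceFlinger lookup, or keep the rule inside the debug block if there is none. `net_domain(location_app)`, added inside the debug block, deserves the same one-line justification.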
@@ -76,3 +76,6 @@ allow mediaserver { STAProxyService wfdservice_service }:service_manager find; allow mediaserver firmware_file:dir search; allow mediaserver firmware_file:file { read getattr open }; allow mediaserver surfaceflinger:unix_stream_socket rw_socket_perms; + +# Rule for RILD to talk to peripheral manager +use_per_mgr(mediaserver); diff --git a/common/mm-pp-daemon.te b/common/mm-pp-daemon.te index 11bb6ad1..a9e81e76 100644 --- a/common/mm-pp-daemon.te +++ b/common/mm-pp-daemon.te @@ -43,6 +43,9 @@ userdebug_or_eng(` allow mm-pp-daemon { shell_exec zygote_exec }:file rx_file_perms; allow mm-pp-daemon system_file:file x_file_perms; allow mm-pp-daemon self:process ptrace; + + # This allows pp-daemon to set debug property + allow mm-pp-daemon debug_prop:property_service set; ') # Allow mm-pp-daemon to change the brightness of the target during display diff --git a/common/mm-qcamerad.te b/common/mm-qcamerad.te index adbf86c5..e7d2737d 100644 --- a/common/mm-qcamerad.te +++ b/common/mm-qcamerad.te @@ -5,6 +5,7 @@ init_daemon_domain(mm-qcamerad) #added to support EZTune for camera userdebug_or_eng(` allow mm-qcamerad debugfs:dir r_dir_perms; + allow mm-qcamerad debugfs:file read; allow mm-qcamerad camera_data_file:file create_file_perms; allow mm-qcamerad self:tcp_socket create_stream_socket_perms; allow mm-qcamerad node:tcp_socket node_bind; @@ -13,6 +14,10 @@ userdebug_or_eng(` allow mm-qcamerad port:tcp_socket name_bind; allow mm-qcamerad self:tcp_socket { accept listen }; allow mm-qcamerad camera_data_file:file create_file_perms; + + # mm-qcamerad needs to set persist.camera. property + set_prop(mm-qcamerad, camera_prop) + ') #Communicate with user land process through domain socket 
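Review bot: The comment added in common/mediaserver.te reads `# Rule for RILD to talk to peripheral manager`, but the rule under it is `use_per_mgr(mediaserver);`, so the grant goes to mediaserver. It looks copied from another domain's policy. Change it to `# Allow mediaserver to talk to peripheral manager` and name the mediaserver feature that needs it, so the grant can be audited later.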
@@ -49,7 +54,12 @@ r_dir_file(mm-qcamerad, adsprpcd_file); r_dir_file(mm-qcamerad, firmware_file) allow mm-qcamerad graphics_device:dir r_file_perms; +allow mm-qcamerad graphics_device:dir r_dir_perms; # /data/fdAlbum type_transition mm-qcamerad system_data_file:file camera_data_file "fdAlbum"; allow mm-qcamerad camera_data_file:file create_file_perms; + +#Allow access to /dev/graphics/fb* for screen capture +allow mm-qcamerad graphics_device:chr_file rw_file_perms; +unix_socket_connect(mm-qcamerad, property, init) diff --git a/common/net.te b/common/net.te index f8cacb12..e5e3df03 100644 --- a/common/net.te +++ b/common/net.te @@ -3,3 +3,4 @@ unix_socket_connect(netdomain, cnd, cnd) # allow netdomain access to dpmd unix_socket_connect(netdomain, dpmwrapper, dpmd) + diff --git a/common/netd.te b/common/netd.te index 680d499a..9e067dd7 100644 --- a/common/netd.te +++ b/common/netd.te @@ -19,3 +19,13 @@ allow netd ipacm_data_file:file r_file_perms; # needed for netd to start FST Manager via system property allow netd netd_prop:property_service set; allow netd qtitetherservices_service:service_manager find; + +allow netd self:capability fsetid; +allow netd hostapd:unix_dgram_socket sendto; + +# Allow netd to chmod dir /data/misc/dhcp +allow netd dhcp_data_file:dir create_dir_perms; + +type_transition netd wifi_data_file:dir wpa_socket "sockets"; +allow netd wpa_socket:dir create_dir_perms; +allow netd wpa_socket:sock_file create_file_perms; diff --git a/common/property.te b/common/property.te index 2bd71912..996c61e6 100644 --- a/common/property.te +++ b/common/property.te @@ -10,6 +10,7 @@ type usf_prop, property_type; type freq_prop, property_type; type perfd_prop, property_type; +type vm_bms_prop, property_type; #To start vm_bms type qti_prop, property_type; type ipacm_prop, property_type; type ipacm-diag_prop, property_type; 
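Review bot: `allow mm-qcamerad graphics_device:chr_file rw_file_perms;` in the last hunk of common/mm-qcamerad.te gives the camera daemon read/write on /dev/graphics/fb* in every build variant, while the other EZTune grants in this file sit inside `userdebug_or_eng`. If screen capture is a tuning feature, move this rule and `unix_socket_connect(mm-qcamerad, property, init)` into that block; the `set_prop(mm-qcamerad, camera_prop)` added earlier is already debug-only, so the unconditional property-socket connect looks unused on user builds. The hunk also keeps `allow mm-qcamerad graphics_device:dir r_file_perms;` next to the new `r_dir_perms` line; the old line applies a file permission set to a dir class and can be dropped.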
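Review bot: In common/netd.te the comment says netd needs to chmod /data/misc/dhcp, but the rule grants `create_dir_perms` on `dhcp_data_file:dir`, which also allows creating, renaming and removing directories. For a chmod, `allow netd dhcp_data_file:dir { search getattr setattr };` is probably enough; confirm against the denial that prompted the change. `allow netd self:capability fsetid;` has no comment at all and should get one naming the operation that requires it.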
@@ -37,3 +38,8 @@ type qemu_hw_mainkeys_prop, property_type; type coresight_prop, property_type; type ctl_hbtp_prop, property_type; +type alarm_boot_prop, property_type; +type boot_animation_prop, property_type; + +#properties set from script read from apps +type radio_noril_prop, property_type; diff --git a/common/property_contexts b/common/property_contexts index 1289583a..f3e41fa5 100644 --- a/common/property_contexts +++ b/common/property_contexts @@ -14,12 +14,14 @@ min_freq_0 u:object_r:freq_prop:s0 min_freq_4 u:object_r:freq_prop:s0 ctl.perfd u:object_r:perfd_prop:s0 ctl.iop u:object_r:perfd_prop:s0 +ctl.vm_bms u:object_r:vm_bms_prop:s0 qualcomm.bluetooth. u:object_r:bluetooth_prop:s0 ctl.ipacm u:object_r:ipacm_prop:s0 ctl.ipacm-diag u:object_r:ipacm-diag_prop:s0 ctl.qti u:object_r:qti_prop:s0 ctl.sensors u:object_r:sensors_prop:s0 ctl.msm_irqbalance u:object_r:msm_irqbalance_prop:s0 +ctl.msm_irqbal_lb u:object_r:msm_irqbalance_prop:s0 camera. u:object_r:camera_prop:s0 persist.camera. u:object_r:camera_prop:s0 sf.lcd_density u:object_r:sf_lcd_density_prop:s0 @@ -30,7 +32,12 @@ ctl.mpdecision u:object_r:mpdecision_prop:s0 qualcomm.perf.cores_online u:object_r:mpdecision_prop:s0 netd.fstman. u:object_r:netd_prop:s0 location. u:object_r:location_prop:s0 +qc.izat. u:object_r:location_prop:s0 persist.rmnet.mux u:object_r:rmnet_mux_prop:s0 qemu.hw.mainkeys u:object_r:qemu_hw_mainkeys_prop:s0 dbg.coresight.cfg_file u:object_r:coresight_prop:s0 ctl.hbtp u:object_r:ctl_hbtp_prop:s0 +sys.audio.init u:object_r:audio_prop:s0 +alarm_boot u:object_r:alarm_boot_prop:s0 +debug.sf.nobootanimation u:object_r:boot_animation_prop:s0 +radio.noril u:object_r:radio_noril_prop:s0 diff --git a/common/recovery.te b/common/recovery.te index c83bc974..68147f81 100644 --- a/common/recovery.te +++ b/common/recovery.te 
@@ -2,8 +2,8 @@ recovery_only(` # Read files on /sdcard allow recovery sdcard_type:dir r_dir_perms; allow recovery sdcard_type:file r_file_perms; - allow recovery vfat:dir r_dir_perms; - allow recovery vfat:file r_file_perms; + allow recovery vfat:dir create_dir_perms; + allow recovery vfat:file create_file_perms; allow recovery system_data_file:file r_file_perms; allow recovery system_data_file:dir r_dir_perms; allow recovery RIDL_data_file:file r_file_perms; diff --git a/common/ridl.te b/common/ridl.te index 6577a2c4..5d95a619 100644 --- a/common/ridl.te +++ b/common/ridl.te @@ -29,7 +29,6 @@ type RIDL, domain; type RIDL_exec, exec_type, file_type; -type_transition RIDL RIDL_data_file:sock_file RIDL_socket; allow RIDL RIDL_socket:sock_file create_file_perms; allow RIDL RIDL_socket:dir create_dir_perms; @@ -88,12 +87,15 @@ userdebug_or_eng(` # Access to ANR/segfaults allow RIDL tombstone_data_file:dir rw_dir_perms; allow RIDL tombstone_data_file:file { unlink rw_file_perms }; - allow RIDL anr_data_file:dir rw_dir_perms; - allow RIDL anr_data_file:file { unlink rw_file_perms }; + allow RIDL anr_data_file:dir rw_dir_perms; + allow RIDL anr_data_file:file { unlink rw_file_perms }; # tcpdump allow RIDL self:packet_socket create_socket_perms; allow RIDL self:capability net_raw; + + # allow location + allow RIDL app_api_service:service_manager find; ') # drop root caps @@ -108,3 +110,6 @@ allow RIDL storage_file:dir r_dir_perms; # allow logcat access read_logd( RIDL ); + +# allow netstats +allow RIDL system_api_service:service_manager find; diff --git a/common/system_server.te b/common/system_server.te index 86888b08..4aca89f3 100644 --- a/common/system_server.te +++ b/common/system_server.te @@ -120,3 +120,6 @@ allow system_server iqfp_service:service_manager find; #for seemp unix_socket_send(system_server, seempdw, seempd) + +# allow tethering to access dhcp leases +r_dir_file(system_server, dhcp_data_file) 
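Review bot: The two vfat rules in common/recovery.te go from read-only to `create_dir_perms` and `create_file_perms`, but the comment heading the block still reads `# Read files on /sdcard`. Add a comment stating what recovery writes to the FAT volume, e.g. `# Write <purpose> to vfat external storage`, so the wider grant is traceable to a feature. If only file creation is needed, `w_dir_perms` on the directory would be a tighter fit than `create_dir_perms`. The `recovery_only(` block continues outside this hunk.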
diff --git a/common/untrusted_app.te b/common/untrusted_app.te index 8b32c8fb..2407de34 100644 --- a/common/untrusted_app.te +++ b/common/untrusted_app.te @@ -20,5 +20,6 @@ allow untrusted_app wbc_service:service_manager find; # using binder call userdebug_or_eng(` + allow untrusted_app improve_touch_service:service_manager find; binder_call(untrusted_app, hbtp); ') diff --git a/common/vold.te b/common/vold.te index 5332ec94..08476cf3 100755 --- a/common/vold.te +++ b/common/vold.te @@ -4,3 +4,4 @@ allow vold cache_file:dir w_dir_perms; allow vold { fscklogs cache_file }:file create_file_perms; allow vold { proc_sysrq proc_dirty_ratio }:file rw_file_perms; wakelock_use(vold) +allow vold swap_block_device:blk_file r_file_perms; diff --git a/common/wfdservice.te b/common/wfdservice.te index 35e47912..c4fd8ceb 100644 --- a/common/wfdservice.te +++ b/common/wfdservice.te @@ -55,9 +55,12 @@ allow wfdservice uhid_device:chr_file rw_file_perms; #Allow PROT_EXEC for 3rd party library loaded by wfdservice allow wfdservice self:process execmem; -#Allow access to read mmosal_logmask file in /data partition userdebug_or_eng(` +#Allow access to read mmosal_logmask file in /data partition allow wfdservice system_data_file:file r_file_perms; +#Allow access to dump encoder/decoder dumps in /data/misc/media + allow wfdservice media_data_file:dir w_dir_perms; + allow wfdservice media_data_file:file create_file_perms; ') #Allow access to firmware files for HDCP session diff --git a/msm8226/file_contexts b/msm8226/file_contexts index 4e6975a1..cbbfdbec 100644 --- a/msm8226/file_contexts +++ b/msm8226/file_contexts @@ -39,3 +39,4 @@ /dev/block/platform/msm_sdcc\.1/by-name/cache u:object_r:cache_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/platform/msm_sdcc\.1/by-name/config u:object_r:frp_block_device:s0 diff --git a/msm8909/file_contexts b/msm8909/file_contexts index b1cf249b..caf3ec17 100644 
--- a/msm8909/file_contexts +++ b/msm8909/file_contexts @@ -39,3 +39,4 @@ /dev/block/platform/soc.0/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 diff --git a/msm8916/file_contexts b/msm8916/file_contexts index 9a51c270..74254358 100644 --- a/msm8916/file_contexts +++ b/msm8916/file_contexts @@ -42,3 +42,4 @@ /dev/block/platform/soc.0/7824900.sdhci/by-name/frp u:object_r:frp_block_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 diff --git a/msm8916/init_shell.te b/msm8916/init_shell.te new file mode 100644 index 00000000..0d962af8 --- /dev/null +++ b/msm8916/init_shell.te 
@@ -0,0 +1,32 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# media_codecs_eld_prop - to choose target specific media_codecs.xml
+# media_settings_xml_prop - to choose target specific media_profiles.xml
+allow qti_init_shell {
+ media_msm8939hw_prop
+}:property_service set;
diff --git a/msm8916/property.te b/msm8916/property.te
new file mode 100644
index 00000000..78560cd2
--- /dev/null
+++ b/msm8916/property.te
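Review bot: The two comment lines in the new msm8916/init_shell.te describe `media_codecs_eld_prop` and `media_settings_xml_prop`, but the only type the rule grants is `media_msm8939hw_prop`. A comment that names types the rule does not contain makes the property-set grant hard to audit. Replace both lines with one for the real type, e.g. `# media_msm8939hw_prop - media.msm8939hw, set by init.qcom.sh`, which matches the property.te and property_contexts entries added in this commit.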
@@ -0,0 +1,30 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#properites for init.qcom.sh script
+type media_msm8939hw_prop, property_type;
+
diff --git a/msm8916/property_contexts b/msm8916/property_contexts
new file mode 100644
index 00000000..bbdf9d61
--- /dev/null
+++ b/msm8916/property_contexts
@@ -0,0 +1,28 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+media.msm8939hw u:object_r:media_msm8939hw_prop:s0
diff --git a/msm8937/file_contexts b/msm8937/file_contexts
new file mode 100644
index 00000000..13ddaeec
--- /dev/null
+++ b/msm8937/file_contexts
@@ -0,0 +1,45 @@ +# Copyright (c) 2015, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ +################################### +# Primary storage device nodes +# +/dev/block/mmcblk0 u:object_r:root_block_device:s0 +/dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 + +#Using soc instead of soc.0 for 3.18 kernel +/dev/block/platform/soc/7824900.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/misc u:object_r:misc_partition:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/dip u:object_r:dip_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 diff --git a/msm8952/file_contexts b/msm8952/file_contexts index 35a658a9..f1983f9b 100644 --- a/msm8952/file_contexts +++ b/msm8952/file_contexts @@ -41,6 +41,7 @@ /dev/block/platform/soc.0/7824900.sdhci/by-name/frp u:object_r:frp_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 #Using soc instead of soc.0 to make it compatable with 3.18 kernel diff --git a/msm8960/bootkpi.te b/msm8960/bootkpi.te new file mode 100644 index 00000000..e932e692 --- /dev/null +++ b/msm8960/bootkpi.te 
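Review bot: The last entry of the new msm8937/file_contexts uses `/dev/block/platform/soc.0/7824900.sdhci/by-name/config`, while every other entry in the file uses `/dev/block/platform/soc/...` and the file's own comment says soc is used instead of soc.0 for the 3.18 kernel. If that comment is right, the config partition on this target will not match and will not receive `frp_block_device`, leaving it with whatever generic block-device label applies. I would change the line to `/dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0`. The dots in these paths are unescaped regex metacharacters; msm8226/file_contexts escapes them as `msm_sdcc\.1`, and doing the same here would keep the match exact.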
@@ -0,0 +1,36 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#Access to the marker_entry for logging KPI's
+userdebug_or_eng(`
+ allow zygote sys_bootkpi:file rw_file_perms;
+ allow mediaserver sys_bootkpi:file rw_file_perms;
+ allow system_server sys_bootkpi:file rw_file_perms;
+ allow surfaceflinger sys_bootkpi:file rw_file_perms;
+ allow untrusted_app sys_bootkpi:file rw_file_perms;
+ allow location sys_bootkpi:file rw_file_perms;
+')
diff --git a/msm8960/device.te b/msm8960/device.te
index 24d277a0..c49ff00d 100755
--- a/msm8960/device.te
+++ b/msm8960/device.te
@@ -1,2 +1,5 @@
 #mdm helper device
 type mdm_device, dev_type;
+
+#device type for gss device nodes, ie /dev/gss
+type gss_device, dev_type;
diff --git a/msm8960/file.te b/msm8960/file.te
index e5cea972..e8a78cc5 100644
--- a/msm8960/file.te
+++ b/msm8960/file.te
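Review bot: `allow untrusted_app sys_bootkpi:file rw_file_perms;` in the new msm8960/bootkpi.te lets every third-party app write to a kernel sysfs node. The rule is limited to userdebug and eng builds, but the file gives no reason why an untrusted app has to emit boot KPI markers, unlike the system domains listed beside it. Drop that line unless a specific consumer is known, and if it stays add a comment naming it, e.g. `# <test app> writes boot markers on debug builds`.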
diff --git a/msm8960/device.te b/msm8960/device.te index 24d277a0..c49ff00d 100755 --- a/msm8960/device.te +++ b/msm8960/device.te @@ -1,2 +1,5 @@ #mdm helper device type mdm_device, dev_type; + +#device type for gss device nodes, ie /dev/gss +type gss_device, dev_type; diff --git a/msm8960/file.te b/msm8960/file.te index e5cea972..e8a78cc5 100644 --- a/msm8960/file.te +++ b/msm8960/file.te 
@@ -1,2 +1,30 @@ +# Copyright (c) 2015, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE + #efs file types type efs_data_file, file_type, data_file_type; +type mpdecision_socket, file_type; diff --git a/msm8960/file_contexts b/msm8960/file_contexts index ce5bec4b..c43f6a14 100755 --- a/msm8960/file_contexts +++ b/msm8960/file_contexts 
@@ -26,14 +26,25 @@ /dev/block/platform/msm_sdcc\.1/by-name/ssd u:object_r:ssd_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/bootdevice/by-name/m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/bootdevice/by-name/m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/bootdevice/by-name/m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/bootdevice/by-name/m9kefsc u:object_r:efs_boot_dev:s0 +/dev/gss u:object_r:gss_device:s0 +/dev/pps[0-9] u:object_r:gss_device:s0 +/dev/socket/mpdecision u:object_r:mpdecision_socket:s0 + ################################### # System files # /system/bin/thermald u:object_r:thermal-engine_exec:s0 +/system/bin/thermal-engine u:object_r:thermal-engine_exec:s0 /system/bin/qcks u:object_r:mdm_helper_exec:s0 /system/bin/efks u:object_r:mdm_helper_exec:s0 +/system/bin/DR_AP_Service u:object_r:location_exec:s0 ################################### # Data files # /data/qcks(/.*)? u:object_r:efs_data_file:s0 +/sys/bootkpi/marker_entry u:object_r:sys_bootkpi:s0 diff --git a/msm8960/init_shell.te b/msm8960/init_shell.te new file mode 100644 index 00000000..a58c8b6f --- /dev/null +++ b/msm8960/init_shell.te 
@@ -0,0 +1,32 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
+
+#For property starting with hw
+#ctl_thermal-engine_prop - for access the thermal-engine
+allow qti_init_shell {
+ ctl_thermal-engine_prop
+}:property_service set;
diff --git a/msm8960/location.te b/msm8960/location.te
new file mode 100644
index 00000000..67ce6800
--- /dev/null
+++ b/msm8960/location.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+#For gss device
+allow location gss_device:chr_file rw_file_perms;
diff --git a/msm8960/property.te b/msm8960/property.te
new file mode 100644
index 00000000..cba96b2a
--- /dev/null
+++ b/msm8960/property.te
@@ -0,0 +1,29 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
+
+#property for thermal daemon
+type ctl_thermal-engine_prop, property_type;
diff --git a/msm8960/property_contexts b/msm8960/property_contexts
new file mode 100644
index 00000000..bb3c9d52
--- /dev/null
+++ b/msm8960/property_contexts
@@ -0,0 +1 @@
+ctl.thermal-engine u:object_r:ctl_thermal-engine_prop:s0
diff --git a/msm8960/rmt_storage.te b/msm8960/rmt_storage.te
deleted file mode 100644
index 3b3bbb29..00000000
--- a/msm8960/rmt_storage.te
+++ /dev/null
@@ -1,5 +0,0 @@
-# rmt_storage - rmt_storage daemon
-allow rmt_storage rpmb_device:blk_file { open read };
-allow rmt_storage ssd_device:blk_file { open read write };
-unix_socket_connect(rmt_storage, property, init)
-allow rmt_storage ctl_default_prop:property_service set;
diff --git a/msm8960/system_server.te b/msm8960/system_server.te
index 1ac7260e..0185b373 100644
--- a/msm8960/system_server.te
+++ b/msm8960/system_server.te
@@ -1,2 +1,5 @@
 # WifiStateMachine to access wpa_wlan0 socket
 allow system_server init:unix_dgram_socket sendto;
+
+#For gss
+allow system_server gss_device:chr_file rw_file_perms;
diff --git a/msm8960/thermal-engine.te b/msm8960/thermal-engine.te
index 85c93f16..bc7bfc8e 100644
--- a/msm8960/thermal-engine.te
+++ b/msm8960/thermal-engine.te
@@ -1,2 +1,33 @@
+# Copyright (c) 2015, The Linux Foundation. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE
+
 allow thermal-engine self:netlink_kobject_uevent_socket { create read setopt bind };
 allow thermal-engine socket_device:dir w_dir_perms;
+
+#connect to mpdecision
+unix_socket_connect(thermal-engine, mpdecision, mpdecision)
+allow thermal-engine self:capability net_admin;
diff --git a/msm8974/file_contexts b/msm8974/file_contexts
index 0625662b..a4ead6da 100644
--- a/msm8974/file_contexts
+++ b/msm8974/file_contexts
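Review bot: `allow thermal-engine self:capability net_admin;` is added directly under the `#connect to mpdecision` comment, but connecting to a unix socket does not need CAP_NET_ADMIN, so the capability is undocumented. net_admin is a broad capability covering interface, routing and firewall configuration, and granting it widens what a compromised thermal daemon could do. If the denial being fixed comes from the uevent netlink socket in the context line above, say so in a comment such as `# net_admin: needed for <operation> on the uevent netlink socket`, or use a `dontaudit` rule if the daemon works without it. The reason is not visible in this hunk, so it should be confirmed against the audit log that prompted the rule.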
@@ -39,3 +39,4 @@ /dev/block/platform/msm_sdcc\.1/by-name/cache u:object_r:cache_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 +/dev/block/platform/msm_sdcc\.1/by-name/config u:object_r:frp_block_device:s0 diff --git a/msm8996/file_contexts b/msm8996/file_contexts index e5de37b7..948bdcda 100644 --- a/msm8996/file_contexts +++ b/msm8996/file_contexts @@ -48,7 +48,10 @@ /dev/block/platform/soc/624000.ufshc/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/cache u:object_r:cache_block_device:s0 /dev/block/platform/soc/624000.ufshc/by-name/frp u:object_r:frp_block_device:s0 - +/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/624000.ufshc/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 # eMMC devices /dev/block/platform/soc/7464900.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 @@ -67,6 +70,10 @@ /dev/block/platform/soc/7464900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/cache u:object_r:cache_block_device:s0 /dev/block/platform/soc/7464900.sdhci/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 +/dev/block/platform/soc/7464900.sdhci/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 ################################### # System files |