diff options
| author | Michael Bestas <mikeioannina@cyanogenmod.org> | 2016-11-06 03:58:32 +0200 |
|---|---|---|
| committer | Michael Bestas <mikeioannina@cyanogenmod.org> | 2016-11-06 03:58:32 +0200 |
| commit | 8259f14eb17322bcc472e90ac81f148e52d0e5a0 (patch) | |
| tree | 32fd005510005dd8569555b9cf291add20359e2b | |
| parent | 7e2df7f866ea59864f2b59602dff5a93a03600db (diff) | |
| parent | c9dda58f3dd37826bd833457d0c41739bd0721af (diff) | |
| download | android_device_qcom_sepolicy-8259f14eb17322bcc472e90ac81f148e52d0e5a0.tar.gz android_device_qcom_sepolicy-8259f14eb17322bcc472e90ac81f148e52d0e5a0.tar.bz2 android_device_qcom_sepolicy-8259f14eb17322bcc472e90ac81f148e52d0e5a0.zip | |
Merge remote-tracking branch 'caf/LA.BR.1.2.9_rb1.8' into cm-14.1
Change-Id: I80df296b03acef02569cecc38f9f91374a36df25
| -rw-r--r-- | apq8084/file_contexts | 7 | ||||
| -rw-r--r-- | common/audioserver.te | 7 | ||||
| -rw-r--r-- | common/dataservice_app.te | 2 | ||||
| -rw-r--r-- | common/file_contexts | 2 | ||||
| -rwxr-xr-x | common/genfs_contexts | 2 | ||||
| -rwxr-xr-x | common/mmi.te | 4 | ||||
| -rwxr-xr-x | common/property.te | 4 | ||||
| -rwxr-xr-x | common/property_contexts | 1 | ||||
| -rw-r--r-- | common/ridl.te | 1 | ||||
| -rw-r--r-- | msm8909/file_contexts | 1 | ||||
| -rw-r--r-- | msm8916/file_contexts | 7 | ||||
| -rw-r--r-- | msm8937/file_contexts | 6 | ||||
| -rw-r--r-- | msm8953/file_contexts | 3 | ||||
| -rwxr-xr-x | msm8960/file_contexts | 3 | ||||
| -rw-r--r-- | msm8996/qvrd.te | 6 |
15 files changed, 45 insertions, 11 deletions
diff --git a/apq8084/file_contexts b/apq8084/file_contexts index 14e7b840..13161f06 100644 --- a/apq8084/file_contexts +++ b/apq8084/file_contexts @@ -28,19 +28,20 @@ ################################### # Primary storage device nodes # -/dev/block/platform/msm_sdcc\.1/by-name/boot u:object_r:boot_block_device:s0 -/dev/block/platform/msm_sdcc\.1/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/modem u:object_r:modem_efs_partition_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/ssd u:object_r:ssd_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/misc u:object_r:misc_block_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/userdata u:object_r:userdata_block_device:s0 -/dev/block/platform/msm_sdcc\.1/by-name/cache u:object_r:cache_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/mdm1m9kefs1 u:object_r:efs_boot_dev:s0 /dev/block/platform/msm_sdcc\.1/by-name/mdm1m9kefs2 u:object_r:efs_boot_dev:s0 /dev/block/platform/msm_sdcc\.1/by-name/mdm1m9kefs3 u:object_r:efs_boot_dev:s0 /dev/block/platform/msm_sdcc\.1/by-name/mdm1m9kefsc u:object_r:efs_boot_dev:s0 +/dev/block/platform/msm_sdcc\.1/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/msm_sdcc\.1/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/msm_sdcc\.1/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/msm_sdcc\.1/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/logdump u:object_r:logdump_partition:s0 # qca data file for apq8084 target diff --git a/common/audioserver.te b/common/audioserver.te index a1b74afb..785da0a2 100644 --- a/common/audioserver.te +++ b/common/audioserver.te @@ -45,8 +45,15 @@ allow audioserver debugfs:file rw_file_perms; allow audioserver audio_data_file:sock_file { create setattr unlink }; allow audioserver audio_data_file:dir remove_name; +# Allow audioserver to read sysfs dir and sysfs_thermal files for speaker protection +allow audioserver sysfs:dir r_dir_perms; +allow audioserver sysfs_thermal:file r_file_perms; + # Allow audioserver to access sysfs nodes allow audioserver sysfs:file rw_file_perms; userdebug_or_eng(` diag_use(audioserver) ') + +#Rules for audioserver to talk to peripheral manager +use_per_mgr(audioserver); diff --git a/common/dataservice_app.te b/common/dataservice_app.te index 9c48a601..36056c17 100644 --- a/common/dataservice_app.te +++ b/common/dataservice_app.te @@ -34,6 +34,8 @@ net_domain(dataservice_app) allow dataservice_app { qtitetherservice_service dpmservice cne_service } :service_manager { add find } ; allow dataservice_app { app_api_service system_api_service audioserver_service radio_service } :service_manager find; +set_prop(dataservice_app, sys_usb_tethering_prop) + allow dataservice_app self:socket create_socket_perms; unix_socket_connect(dataservice_app, netd, netd); qmux_socket(dataservice_app); diff --git a/common/file_contexts b/common/file_contexts index 5793b770..498ca0de 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -296,7 +296,7 @@ /sys/devices/soc/soc:hbtp/secure_touch u:object_r:hbtp_kernel_sysfs:s0 /sys/devices/soc/soc:hbtp/secure_touch_enable u:object_r:hbtp_kernel_sysfs:s0 /sys/devices/soc/soc:hbtp/secure_touch_userspace u:object_r:hbtp_kernel_sysfs:s0 - +/sys/firmware/devicetree/base/cpus(/.*)? u:object_r:sysfs_devices_system_cpu:s0 ################################### # data files # diff --git a/common/genfs_contexts b/common/genfs_contexts index f92adbdb..dfb6152b 100755 --- a/common/genfs_contexts +++ b/common/genfs_contexts @@ -1,2 +1,2 @@ genfscon proc /asound/card0/state u:object_r:proc_audiod:s0 -genfscon proc /proc/sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0 +genfscon proc /sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0 diff --git a/common/mmi.te b/common/mmi.te index 92e1ebcd..3fedc290 100755 --- a/common/mmi.te +++ b/common/mmi.te @@ -10,6 +10,7 @@ allow mmi self:socket create_socket_perms; allow mmi self:{ netlink_socket netlink_generic_socket } create_socket_perms; allow mmi self:udp_socket create_socket_perms; allow mmi self:capability { sys_nice dac_override setuid setgid fowner chown fsetid kill net_admin sys_module net_raw}; +allow mmi self:capability2 wake_alarm; #For various devices allow mmi sysfs:file w_file_perms; @@ -107,6 +108,9 @@ allow mmi sensors_device:chr_file r_file_perms; #logcat domain_auto_trans(mmi, logcat_exec, logd); +#access kmsg device for logging +allow mmi kmsg_device:chr_file rw_file_perms; + #mmi test unix_socket_connect(mmi, cnd, cnd); unix_socket_connect(mmi, dpmwrapper, dpmd); diff --git a/common/property.te b/common/property.te index 90a55cfd..c3032b10 100755 --- a/common/property.te +++ b/common/property.te @@ -69,7 +69,9 @@ type qemu_hw_mainkeys_prop, property_type, core_property_type; type sys_usb_controller_prop, property_type; type sys_usb_configfs_prop, property_type; -type coresight_prop, property_type; +type sys_usb_tethering_prop, property_type; + +type coresight_prop, property_type, core_property_type; type ctl_hbtp_prop, property_type; type alarm_boot_prop, property_type, core_property_type; diff --git a/common/property_contexts b/common/property_contexts index bb4720d9..bbaf87b4 100755 --- a/common/property_contexts +++ b/common/property_contexts @@ -63,6 +63,7 @@ qc.izat. u:object_r:location_prop:s0 persist.rmnet.mux u:object_r:rmnet_mux_prop:s0 sys.usb.controller u:object_r:sys_usb_controller_prop:s0 sys.usb.configfs u:object_r:sys_usb_configfs_prop:s0 +sys.usb.tethering u:object_r:sys_usb_tethering_prop:s0 qemu.hw.mainkeys u:object_r:qemu_hw_mainkeys_prop:s0 ro.dbg.coresight.cfg_file u:object_r:coresight_prop:s0 ctl.hbtp u:object_r:ctl_hbtp_prop:s0 diff --git a/common/ridl.te b/common/ridl.te index ec6ad2ff..90f9d366 100644 --- a/common/ridl.te +++ b/common/ridl.te @@ -93,6 +93,7 @@ userdebug_or_eng(` # tcpdump allow RIDL self:packet_socket create_socket_perms; allow RIDL self:capability net_raw; + diag_use( RIDL ) # allow location allow RIDL app_api_service:service_manager find; diff --git a/msm8909/file_contexts b/msm8909/file_contexts index 689e8b51..bbebd72c 100644 --- a/msm8909/file_contexts +++ b/msm8909/file_contexts @@ -38,6 +38,7 @@ /dev/block/platform/soc.0/7824900.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 diff --git a/msm8916/file_contexts b/msm8916/file_contexts index 4d0a1bed..c6835dda 100644 --- a/msm8916/file_contexts +++ b/msm8916/file_contexts @@ -28,8 +28,6 @@ ################################### # Primary storage device nodes # -/dev/block/platform/soc.0/7824900.sdhci/by-name/boot u:object_r:boot_block_device:s0 -/dev/block/platform/soc.0/7824900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 @@ -38,8 +36,11 @@ /dev/block/platform/soc.0/7824900.sdhci/by-name/misc u:object_r:misc_block_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 /dev/block/mmcblk0 u:object_r:root_block_device:s0 /dev/block/mmcblk0rpmb u:object_r:rpmb_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc.0/7824900.sdhci/by-name/system u:object_r:system_block_device:s0 /dev/block/platform/soc.0/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 -/dev/block/platform/soc.0/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 diff --git a/msm8937/file_contexts b/msm8937/file_contexts index 30978355..5aea9873 100644 --- a/msm8937/file_contexts +++ b/msm8937/file_contexts @@ -43,8 +43,12 @@ /dev/block/platform/soc/7824900.sdhci/by-name/dip u:object_r:dip_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 -/dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0 + + #rawdump partition /dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0 diff --git a/msm8953/file_contexts b/msm8953/file_contexts index 51bfa05f..579f6988 100644 --- a/msm8953/file_contexts +++ b/msm8953/file_contexts @@ -44,6 +44,9 @@ /dev/block/platform/soc/7824900.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/config u:object_r:frp_block_device:s0 /dev/block/platform/soc/7824900.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/7824900.sdhci/by-name/cache u:object_r:cache_block_device:s0 #rawdump partition /dev/block/platform/soc/7824900.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0 diff --git a/msm8960/file_contexts b/msm8960/file_contexts index e10f1232..d1f3d66b 100755 --- a/msm8960/file_contexts +++ b/msm8960/file_contexts @@ -16,6 +16,7 @@ /dev/block/platform/msm_sdcc\.1/by-name/cache u:object_r:cache_block_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/fsg u:object_r:modem_efs_partition_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/msm_sdcc\.1/by-name/logdump u:object_r:logdump_partition:s0 /dev/block/platform/msm_sdcc\.1/by-name/m9kefs1 u:object_r:efs_boot_dev:s0 /dev/block/platform/msm_sdcc\.1/by-name/m9kefs2 u:object_r:efs_boot_dev:s0 /dev/block/platform/msm_sdcc\.1/by-name/m9kefs3 u:object_r:efs_boot_dev:s0 @@ -25,7 +26,7 @@ /dev/block/platform/msm_sdcc\.1/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/recovery u:object_r:recovery_block_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/ssd u:object_r:ssd_device:s0 -/dev/block/platform/msm_sdcc.1/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/msm_sdcc\.1/by-name/system u:object_r:system_block_device:s0 /dev/block/platform/msm_sdcc\.1/by-name/userdata u:object_r:userdata_block_device:s0 ################################### diff --git a/msm8996/qvrd.te b/msm8996/qvrd.te index 310071c1..778ae61e 100644 --- a/msm8996/qvrd.te +++ b/msm8996/qvrd.te @@ -91,3 +91,9 @@ allow qvrd sysfs:file r_file_perms; allow qvrd video_device:dir r_dir_perms; unix_socket_connect(qvrd, mpctl, perfd) + +# Allow access to sensor1 API +allow qvrd self:socket create_socket_perms; +allow qvrd persist_file:dir r_dir_perms; +allow qvrd sensors_persist_file:dir r_dir_perms; +allow qvrd sensors_persist_file:file r_file_perms; |