diff options
| author | Ravi Kumar Siddojigari <rsiddoji@codeaurora.org> | 2017-10-09 17:36:12 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-10-11 02:18:13 -0700 |
| commit | 9c55ce6e74eb21cc0c0d1ada4e5f039c691d80c5 (patch) | |
| tree | b954c2b34bdf53aca9d24ac0f53e8f3ef4be3384 /msmpeafowl | |
| parent | 53592de95a85cd5ccb6d592610868c47fb487e8f (diff) | |
| download | android_device_qcom_sepolicy-9c55ce6e74eb21cc0c0d1ada4e5f039c691d80c5.tar.gz android_device_qcom_sepolicy-9c55ce6e74eb21cc0c0d1ada4e5f039c691d80c5.tar.bz2 android_device_qcom_sepolicy-9c55ce6e74eb21cc0c0d1ada4e5f039c691d80c5.zip | |
sepolicy : addressing bringup related denials
updating the bootanim.te and file_contexts.
Change-Id: Iad7ee45769e6c87262c53ceff90361c5069f401d
Diffstat (limited to 'msmpeafowl')
| -rw-r--r-- | msmpeafowl/bootanim.te | 31 | ||||
| -rw-r--r-- | msmpeafowl/file_contexts | 55 |
2 files changed, 86 insertions, 0 deletions
diff --git a/msmpeafowl/bootanim.te b/msmpeafowl/bootanim.te new file mode 100644 index 00000000..a617d241 --- /dev/null +++ b/msmpeafowl/bootanim.te @@ -0,0 +1,31 @@ +# Copyright (c) 2017, The Linux Foundation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are +# met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above +# copyright notice, this list of conditions and the following +# disclaimer in the documentation and/or other materials provided +# with the distribution. +# * Neither the name of The Linux Foundation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR +# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE +# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN +# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +# For regionalization +allow bootanim persist_file:dir r_dir_perms; +allow bootanim regionalization_file:dir r_dir_perms; +allow bootanim regionalization_file:file r_file_perms; diff --git a/msmpeafowl/file_contexts b/msmpeafowl/file_contexts index 2115acb2..1601f44c 100644 --- a/msmpeafowl/file_contexts +++ b/msmpeafowl/file_contexts @@ -76,6 +76,56 @@ /dev/block/platform/soc/1d84000.ufshc/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 /dev/block/platform/soc/1d84000.ufshc/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 +#for eMMC +# A/B partitions. +/dev/block/platform/soc/7c4000.sdhci/by-name/abl_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/apdp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/boot_[ab] u:object_r:boot_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/cmnlib_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/cmnlib64_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/devcfg_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/hyp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/keymaster_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/modem_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/bluetooth_[ab] u:object_r:modem_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/msadp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/pmic_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/rpm_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/system_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/tz_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/vendor_[ab] u:object_r:system_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/xbl_[ab] u:object_r:xbl_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/aop_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/vbmeta_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/dtbo_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/dsp_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/mdtp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/mdtpsecapp_[ab] u:object_r:mdtp_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/qupfw_[ab] u:object_r:custom_ab_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/xbl_config_[ab] u:object_r:custom_ab_block_device:s0 + +#non A/B +/dev/block/platform/soc/7c4000.sdhci/by-name/system u:object_r:system_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/userdata u:object_r:userdata_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/boot u:object_r:boot_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/logdump u:object_r:logdump_partition:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/fsc u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/fsg u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/modemst1 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/modemst2 u:object_r:modem_efs_partition_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/ssd u:object_r:ssd_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/misc u:object_r:misc_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/rpm u:object_r:rpmb_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/msadp u:object_r:mba_debug_dev:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/recovery u:object_r:recovery_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/cache u:object_r:cache_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/frp u:object_r:frp_block_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/mdtp u:object_r:mdtp_device:s0 +/dev/block/platform/soc/7c4000.sdhci/by-name/dip u:object_r:dip_device:s0 + +#rawdump partition +/dev/block/platform/soc/7c4000.sdhci/by-name/rawdump u:object_r:rawdump_block_device:s0 + # Block device holding the GPT, where the A/B attributes are stored. /dev/block/platform/soc/1d84000.ufshc/sd[ade] u:object_r:gpt_block_device:s0 @@ -89,3 +139,8 @@ # FBE /(vendor|system/vendor)/bin/init.qti.qseecomd.sh u:object_r:init-qti-fbe-sh_exec:s0 + +################################## +# same process HAL libs +/vendor/lib(64)?/hw/gralloc\.msmpeafowl\.so u:object_r:same_process_hal_file:s0 +/vendor/lib(64)?/hw/vulkan\.msmpeafowl\.so u:object_r:same_process_hal_file:s0 |