diff options
-rw-r--r-- | common/file.te | 1 | ||||
-rw-r--r-- | common/file_contexts | 1 | ||||
-rw-r--r-- | common/location_app.te | 1 | ||||
-rw-r--r-- | common/perfd.te | 13 | ||||
-rw-r--r-- | common/qfp-daemon.te | 4 | ||||
-rw-r--r-- | common/qseecomd.te | 2 |
6 files changed, 21 insertions, 1 deletions
diff --git a/common/file.te b/common/file.te index b3b2885c..c1c59541 100644 --- a/common/file.te +++ b/common/file.te @@ -146,6 +146,7 @@ type persist_usf_file, file_type; #qfp-daemon type qfp-daemon_data_file, file_type, data_file_type; +type persist_qc_senseid_file, file_type; # dts notifier files type dts_data_file, file_type, data_file_type; diff --git a/common/file_contexts b/common/file_contexts index 35605fc7..3ef0204f 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -312,6 +312,7 @@ /persist/data(/.*)? u:object_r:persist_drm_file:s0 /persist/data/tz(/.*)? u:object_r:persist_drm_file:s0 /persist/data/sfs(/.*)? u:object_r:persist_drm_file:s0 +/persist/qc_senseid(/.*)? u:object_r:persist_qc_senseid_file:s0 /persist/usf(/.*)? u:object_r:persist_usf_file:s0 /persist/hlos_rfs(/.*)? u:object_r:rfs_shared_hlos_file:s0 /persist/display(/.*)? u:object_r:persist_display_file:s0 diff --git a/common/location_app.te b/common/location_app.te index a2ef5690..7bc7a5a7 100644 --- a/common/location_app.te +++ b/common/location_app.te @@ -6,6 +6,7 @@ qmux_socket(location_app) #Permissions for JDWP userdebug_or_eng(` + net_domain(location_app) allow location_app { adbd su }:unix_stream_socket connectto; allow location_app surfaceflinger_service:service_manager find; ') diff --git a/common/perfd.te b/common/perfd.te index c74ae584..9fa0c391 100644 --- a/common/perfd.te +++ b/common/perfd.te @@ -3,7 +3,7 @@ type perfd_exec, exec_type, file_type; init_daemon_domain(perfd) -allow perfd self:capability { net_admin chown dac_override fsetid }; +allow perfd self:capability { net_admin chown dac_override fsetid kill }; allow perfd { sysfs_devices_system_cpu sysfs_cpu_online @@ -36,3 +36,14 @@ unix_socket_connect(perfd, thermal, thermal-engine); # Access device nodes inside /dev/cpuctl allow perfd cpuctl_device:chr_file rw_file_perms; + +# Allow perfd to send signull +allow perfd { + system_server + system_app + wfdservice + mediaserver + thermal-engine + surfaceflinger + appdomain +}:process signull; diff --git a/common/qfp-daemon.te b/common/qfp-daemon.te index 5d2d7a4b..b154c54d 100644 --- a/common/qfp-daemon.te +++ b/common/qfp-daemon.te @@ -55,6 +55,10 @@ allow qfp-daemon qbt1000_device:chr_file rw_file_perms; # R dir perms for firmware dir r_dir_file(qfp-daemon, firmware_file) +# R dir perms for persist qc_senseid dir +r_dir_file(qfp-daemon, persist_file) +r_dir_file(qfp-daemon, persist_qc_senseid_file) + # Allow qfp daemon access to system server binder_call(qfp-daemon, system_server); diff --git a/common/qseecomd.te b/common/qseecomd.te index f97849d6..0c077ea1 100644 --- a/common/qseecomd.te +++ b/common/qseecomd.te @@ -70,6 +70,8 @@ allow tee system_prop:property_service set; #allow access to qfp-daemon allow tee qfp-daemon_data_file:dir create_dir_perms; allow tee qfp-daemon_data_file:file create_file_perms; +allow tee persist_qc_senseid_file:dir create_dir_perms; +allow tee persist_qc_senseid_file:file create_file_perms; #allow access to fingerprintd data file allow tee fingerprintd_data_file:dir create_dir_perms; |