Diffstat (limited to 'common')
-rw-r--r-- | common/app.te | 3 | ||||
-rw-r--r-- | common/cdsprpcd.te | 39 | ||||
-rw-r--r-- | common/file.te | 4 | ||||
-rw-r--r-- | common/file_contexts | 15 | ||||
-rw-r--r--[-rwxr-xr-x] | common/genfs_contexts | 1 | ||||
-rw-r--r-- | common/hal_camera.te | 2 | ||||
-rw-r--r-- | common/hal_drm.te | 1 | ||||
-rw-r--r-- | common/hal_health.te | 2 | ||||
-rw-r--r-- | common/hostapd.te | 2 | ||||
-rw-r--r-- | common/init.te | 5 | ||||
-rw-r--r--[-rwxr-xr-x] | common/init_shell.te | 3 | ||||
-rw-r--r-- | common/property_contexts | 2 | ||||
-rw-r--r-- | common/rmt_storage.te | 5 | ||||
-rw-r--r-- | common/surfaceflinger.te | 4 |
14 files changed, 79 insertions, 9 deletions
diff --git a/common/app.te b/common/app.te index a3669a7f..f3ef11d2 100644 --- a/common/app.te +++ b/common/app.te @@ -26,3 +26,6 @@ allow appdomain debug_gralloc_prop:file r_file_perms; #most of apps/UI try to read this prop get_prop(appdomain, sf_lcd_density_prop) + +# Allow apps to read graphics vulkan property +allow appdomain graphics_vulkan_prop:file r_file_perms; diff --git a/common/cdsprpcd.te b/common/cdsprpcd.te new file mode 100644 index 00000000..8c228858 --- /dev/null +++ b/common/cdsprpcd.te 
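Review bot: The rule added in common/app.te gives every app domain read access to graphics_vulkan_prop with a raw allow, while the context line just above it uses the property macro for the same kind of grant. Writing it as `get_prop(appdomain, graphics_vulkan_prop)` keeps the property grants in one form and easier to audit. This diff shows neither a declaration of graphics_vulkan_prop nor a property_contexts entry mapping a property name to it (the diffstat is limited to common/), so confirm both exist; without the mapping the rule has no property to apply to.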
@@ -0,0 +1,39 @@
+# Copyright (c) 2017, The Linux Foundation. All rights reserved.
+
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are
+# met:
+# * Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# * Redistributions in binary form must reproduce the above
+# copyright notice, this list of conditions and the following
+# disclaimer in the documentation and/or other materials provided
+# with the distribution.
+# * Neither the name of The Linux Foundation nor the names of its
+# contributors may be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT
+# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS
+# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# cdsprpcd daemon
+type cdsprpcd, domain;
+type cdsprpcd_exec, exec_type, vendor_file_type, file_type;
+
+# Started by init
+init_daemon_domain(cdsprpcd)
+
+allow cdsprpcd qdsp_device:chr_file r_file_perms;
+allow cdsprpcd ion_device:chr_file r_file_perms;
+r_dir_file(cdsprpcd, sysfs_devfreq)
+allow cdsprpcd sysfs_devfreq_l3cdsp:dir r_dir_perms;
+allow cdsprpcd sysfs_devfreq_l3cdsp:file rw_file_perms;
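Review bot: The only write grant in the new cdsprpcd domain, `allow cdsprpcd sysfs_devfreq_l3cdsp:file rw_file_perms;`, has no comment, so a later auditor cannot tell which node the daemon writes or why. A line such as `# cdsprpcd writes the l3-cdsp devfreq userspace subtree (labelled in genfs_contexts)` above the two sysfs_devfreq_l3cdsp rules would record that. The file also ends without a trailing newline (the marker follows this hunk). Add one, because policy sources are typically concatenated before compilation and a missing newline can run the last rule into the next file's first line.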
\ No newline at end of file diff --git a/common/file.te b/common/file.te index 9f465f73..a7932c1a 100644 --- a/common/file.te +++ b/common/file.te @@ -93,6 +93,7 @@ type mpctl_data_file, file_type, data_file_type; type lm_data_file, file_type, data_file_type; type sysfs_devfreq, fs_type, sysfs_type; +type sysfs_devfreq_l3cdsp, fs_type, sysfs_type; type sysfs_mmc_host, fs_type, sysfs_type; type sysfs_scsi_host, fs_type, sysfs_type; type sysfs_cpu_boost, fs_type, sysfs_type; @@ -268,6 +269,9 @@ type qti_debugfs, fs_type, debugfs_type; # vendor radio files type vendor_radio_data_file, file_type, data_file_type; +#uio sysfs +type sysfs_uio_file, fs_type, sysfs_type; + #irq balance sysfs type type sysfs_irqbalance , sysfs_type, fs_type; diff --git a/common/file_contexts b/common/file_contexts index 908a03a8..c8b71b0f 100644 --- a/common/file_contexts +++ b/common/file_contexts @@ -212,6 +212,7 @@ /(vendor|system/vendor)/bin/cnss-daemon u:object_r:wcnss_service_exec:s0 /(vendor|system/vendor)/bin/hostapd_cli u:object_r:hostapd_exec:s0 /(vendor|system/vendor)/bin/adsprpcd u:object_r:adsprpcd_exec:s0 +/(vendor|system/vendor)/bin/cdsprpcd u:object_r:cdsprpcd_exec:s0 /(vendor|system/vendor)/bin/wpa_cli u:object_r:wcnss_service_exec:s0 /(vendor|system/vendor)/bin/mdm_helper u:object_r:mdm_helper_exec:s0 /(vendor|system/vendor)/bin/mdm_helper_proxy u:object_r:mdm_helper_exec:s0 
@@ -301,8 +302,8 @@ /(vendor|system/vendor)/bin/vppservice u:object_r:vppservice_exec:s0 /(vendor|system/vendor)/bin/hw/vendor\.qti\.hardware\.qteeconnector@1\.0-service u:object_r:hal_qteeconnector_qti_exec:s0 /(vendor|system/vendor)/bin/fm_qsoc_patches u:object_r:fm_qsoc_patches_exec:s0 -/(vendor|system/vendor)/bin/tloc_daemon u:object_r:tlocd_exec:s0 -/(vendor|system/vendor)/bin/power_off_alarm u:object_r:power_off_alarm_exec:s0 +/(vendor|system/vendor)/bin/tloc_daemon u:object_r:tlocd_exec:s0 +/(vendor|system/vendor)/bin/power_off_alarm u:object_r:power_off_alarm_exec:s0 ################################### # sysfs files @@ -310,6 +311,9 @@ /sys/class/graphics/fb0/mdp/caps u:object_r:sysfs_graphics:s0 /sys/class/thermal(/.*)? u:object_r:sysfs_thermal:s0 /sys/class/sensors(/.*)? u:object_r:sysfs_sensors:s0 +/sys/class/uio(/.*)? u:object_r:sysfs_uio:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0 +/sys/devices(/platform)?/soc/[a-z0-9]+.qcom,rmtfs_sharedmem/uio/uio[0-9]+/maps/map[0-9]+(/.*)? u:object_r:sysfs_uio_file:s0 /sys/devices/[^/]+bcl[^/]+(/.*)? u:object_r:sysfs_thermal:s0 /sys/devices/f9200000.*/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 /sys/devices/msm_dwc3/power_supply/usb(/.*)? u:object_r:sysfs_usb_supply:s0 
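Review bot: The second uio entry added in the @@ -310,6 +311,9 @@ hunk is already covered by the first: `.../uio/uio[0-9]+(/.*)?` matches everything under `maps/map[0-9]+` and assigns the same sysfs_uio_file label, so the `maps/map[0-9]+` line can be dropped. Both entries also leave the dot in `[a-z0-9]+.qcom,rmtfs_sharedmem` unescaped, so it matches any character. Other entries in this file write `\.`, and `[a-z0-9]+\.qcom,rmtfs_sharedmem` would pin the label to the intended node. The same unescaped dot appears in the `vfb.([0-3])+` and `[a-z0-9]+.qcom,mdss_mdp` entries added in the @@ -387,6 +391,10 @@ hunk.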
@@ -387,6 +391,10 @@ /sys/devices/virtual/graphics/fb([0-3])+/ad u:object_r:sysfs_graphics:s0 /sys/devices/virtual/graphics/fb([0-3])+/pp_bl_event u:object_r:sysfs_graphics:s0 /sys/devices/virtual/rotator/mdss_rotator/caps u:object_r:sysfs_graphics:s0 + +/sys/devices/platform/vfb.([0-3])+/graphics/fb([0-3])+/modes u:object_r:sysfs_graphics:s0 +/sys/devices/platform/soc/[a-z0-9]+.qcom,mdss_mdp/drm/card([0-3])+/card([0-3])+-DSI-1/modes u:object_r:sysfs_graphics:s0 + /sys/devices/virtual/workqueue/kgsl-events/cpumask u:object_r:sysfs_kgsl:s0 /sys/devices/virtual/workqueue/kgsl-events/nice u:object_r:sysfs_kgsl:s0 /sys/devices/virtual/workqueue/kgsl-workqueue/cpumask u:object_r:sysfs_kgsl:s0 @@ -415,7 +423,7 @@ /sys/devices/msm_hsic_host/host_ready u:object_r:sysfs_hsic_host_rdy:s0 /sys/bus/esoc(/.*)? u:object_r:sysfs_esoc:s0 /sys/bus/msm_subsys(/.*)? u:object_r:sysfs_ssr:s0 -/sys/devices(/platform)?/soc/(([a-z0-9\.:]+,)+[a-z0-9\-\_]+/)+subsys[0-9]+/name u:object_r:sysfs_ssr:s0 +/sys/devices(/platform)?/soc/[a-z0-9\.:]+,[a-z0-9\-\_]+/subsys[0-9]+/name u:object_r:sysfs_ssr:s0 /sys/module/ccid_bridge(/.*)? u:object_r:sysfs_usb_uicc:s0 /sys/bus/msm_subsys/devices/subsys0/restart_level u:object_r:sysfs_ssr_toggle:s0 /sys/bus/msm_subsys/devices/subsys1/restart_level u:object_r:sysfs_ssr_toggle:s0 
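Review bot: The rewritten subsys entry in the @@ -415,7 +423,7 @@ hunk matches exactly one `<addr>,<name>/` component between `soc/` and `subsys[0-9]+/name`, where the old pattern accepted one or more. A subsystem device nested under another device therefore no longer gets sysfs_ssr from this line and keeps whatever label it would otherwise receive. If the narrowing is intended, record it in a comment above the entry, e.g. `# only direct children of soc/ expose subsysN/name`; if nested devices exist on supported targets, they need their own entry. The commit message is not visible here, so the intent is inferred.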
@@ -441,6 +449,7 @@ /sys/devices(/platform)?/soc/soc:qcom,gpubw/devfreq/soc:qcom,gpubw(/.*)? u:object_r:sysfs_devfreq:s0 /sys/devices(/platform)?/soc/soc:qcom,llccbw/devfreq/soc:qcom,llccbw(/.*)? u:object_r:sysfs_devfreq:s0 /sys/devices(/platform)?/soc/soc:qcom,l3-cpu[0-9]/devfreq/soc:qcom,l3-cpu[0-9](/.*)? u:object_r:sysfs_devfreq:s0 +/sys/devices(/platform)?/soc/soc:qcom,l3-cdsp/devfreq/soc:qcom,l3-cdsp(/.*)? u:object_r:sysfs_devfreq:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.ufshc/clkscale_enable u:object_r:sysfs_scsi_host:s0 /sys/devices(/platform)?/soc/[a-f0-9]+/host0/scsi_host/host0(/.*)? u:object_r:sysfs_scsi_host:s0 /sys/devices(/platform)?/soc/[a-f0-9]+.qcom,kgsl-3d0/kgsl/kgsl-3d0(/.*)? u:object_r:sysfs_kgsl:s0 diff --git a/common/genfs_contexts b/common/genfs_contexts index 655821cb..070c28c5 100755..100644 --- a/common/genfs_contexts +++ b/common/genfs_contexts @@ -2,6 +2,7 @@ genfscon proc /asound/card0/state u:object_r:proc_audiod:s0 genfscon proc /sys/vm/dirty_ratio u:object_r:proc_dirty_ratio:s0 genfscon sysfs /module/msm_performance/workload_modes u:object_r:sysfs_msm_perf:s0 genfscon sysfs /devices/soc/soc:qcom,cpubw/devfreq/soc:qcom,cpubw/bw_hwmon u:object_r:sysfs_devfreq:s0 +genfscon sysfs /devices/platform/soc/soc:qcom,l3-cdsp/devfreq/soc:qcom,l3-cdsp/userspace u:object_r:sysfs_devfreq_l3cdsp:s0 genfscon sysfs /devices/soc/soc:qcom,memlat-cpu0/devfreq/soc:qcom,memlat-cpu0/mem_latency u:object_r:sysfs_devfreq:s0 genfscon sysfs /devices/soc/soc:qcom,memlat-cpu4/devfreq/soc:qcom,memlat-cpu4/mem_latency u:object_r:sysfs_devfreq:s0 genfscon debugfs /kgsl/proc u:object_r:qti_debugfs:s0 diff --git a/common/hal_camera.te b/common/hal_camera.te index 949bbbbc..8dc7b0a9 100644 --- a/common/hal_camera.te +++ b/common/hal_camera.te 
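Review bot: The new genfscon line gives `.../soc:qcom,l3-cdsp/devfreq/soc:qcom,l3-cdsp/userspace` the dedicated sysfs_devfreq_l3cdsp type, but the file_contexts entry added in the hunk just before it labels `soc:qcom,l3-cdsp(/.*)?`, which includes `userspace`, as sysfs_devfreq. If a restorecon pass covers that directory, the node may end up as sysfs_devfreq and the cdsprpcd write rule would stop matching; consider adding a more specific file_contexts line that keeps sysfs_devfreq_l3cdsp on the `userspace` subtree. The genfscon path is also fixed to `/devices/platform/soc/`, whereas the neighbouring genfscon entries use `/devices/soc/` and file_contexts uses `(/platform)?`, so confirm the path on every supported kernel.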
@@ -55,7 +55,7 @@ r_dir_file(hal_camera_default, sysfs_graphics) #allow hal_camera to access Isensormanager allow hal_camera fwk_sensor_hwservice:hwservice_manager find; binder_call(hal_camera, system_server) - +allow hal_camera_default fwk_display_hwservice:hwservice_manager find; # from sensors team allow hal_camera self:socket create_socket_perms; diff --git a/common/hal_drm.te b/common/hal_drm.te index 3145b7d4..3822f739 100644 --- a/common/hal_drm.te +++ b/common/hal_drm.te @@ -31,3 +31,4 @@ vndbinder_use(hal_drm_default); #Allow firmware file access allow hal_drm firmware_file:dir r_dir_perms; allow hal_drm firmware_file:file r_file_perms; +allow hal_drm qce_device:chr_file rw_file_perms; diff --git a/common/hal_health.te b/common/hal_health.te index c1e66c0a..60bcf721 100644 --- a/common/hal_health.te +++ b/common/hal_health.te @@ -38,3 +38,5 @@ allow hal_health { sysfs_battery_supply sysfs_usb_supply }:file rw_file_perms; + +allow hal_health kmsg_device:chr_file rw_file_perms; diff --git a/common/hostapd.te b/common/hostapd.te index 100764f1..39033b2d 100644 --- a/common/hostapd.te +++ b/common/hostapd.te @@ -45,7 +45,7 @@ allow hostapd fstman:unix_dgram_socket sendto; allow hostapd wifi_vendor_data_file:dir w_dir_perms; allow hostapd wifi_vendor_data_file:file create_file_perms; allow hostapd wifi_vendor_hostapd_socket:dir w_dir_perms; -allow hostapd wifi_vendor_hostapd_socket:sock_file create_file_perms; +allow hostapd wifi_vendor_hostapd_socket:sock_file { unlink create setattr }; # wigig_hostapd has its own directory for sockets, # in order to prevent conflicts with wifi hostapd # allow wigig_hostapd to create the directory holding its control socket diff --git a/common/init.te b/common/init.te index 7601f7a2..f9782d78 100644 --- a/common/init.te +++ b/common/init.te 
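Review bot: `allow hal_drm qce_device:chr_file rw_file_perms;` in common/hal_drm.te gives read/write on the qce_device character device to the whole hal_drm attribute, and it sits under the `#Allow firmware file access` comment, which does not describe it. The hunk header context shows this file already has a rule for hal_drm_default; if only the default DRM HAL service opens the device, `allow hal_drm_default qce_device:chr_file rw_file_perms;` with its own comment keeps the grant to that one domain. Which domains carry the hal_drm attribute is not visible in this diff.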
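Review bot: The rule added in common/hal_health.te gives hal_health `rw_file_perms` on kmsg_device, which includes reading the kernel log, not just writing to it. If the health HAL only logs to /dev/kmsg, `allow hal_health kmsg_device:chr_file w_file_perms;` is enough and keeps kernel log contents away from the HAL. A one-line comment stating the purpose, e.g. `# Write to /dev/kmsg`, would also help the next audit.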
@@ -25,7 +25,7 @@ allow init tmpfs:lnk_file create_file_perms; #For configfs file permission allow init configfs:dir r_dir_perms; -allow init configfs:file { rw_file_perms link }; +allow init configfs:file { create_file_perms link }; allow init configfs:lnk_file create_file_perms; #Allow init to mount non-hlos partitions in A/B builds @@ -53,3 +53,6 @@ allow init { #rawdump allow init rawdump_block_device:blk_file setattr; + +#cpu.rt_period_us and _runtime_us need this +allow init cgroup:file create; diff --git a/common/init_shell.te b/common/init_shell.te index 138ff210..e136fb79 100755..100644 --- a/common/init_shell.te +++ b/common/init_shell.te @@ -85,6 +85,7 @@ set_prop(qti_init_shell, ctl_netmgrd_prop) set_prop(qti_init_shell, ctl_port-bridge_prop) set_prop(qti_init_shell, sdm_idle_time_prop) set_prop(qti_init_shell, sf_lcd_density_prop) +set_prop(qti_init_shell, dalvik_prop) set_prop(qti_init_shell, scr_enabled_prop) set_prop(qti_init_shell, opengles_prop) set_prop(qti_init_shell, mdm_helper_prop) @@ -221,6 +222,8 @@ allow qti_init_shell rmnet_mux_prop:file r_file_perms; r_dir_file(qti_init_shell, sysfs_devfreq) allow qti_init_shell sysfs_devfreq:file w_file_perms; +r_dir_file(qti_init_shell, sysfs_devfreq_l3cdsp) +allow qti_init_shell sysfs_devfreq_l3cdsp:file setattr; allow qti_init_shell vendor_radio_data_file:dir create_dir_perms; allow qti_init_shell vendor_radio_data_file:file create_file_perms; diff --git a/common/property_contexts b/common/property_contexts index 1add2883..2ae2774c 100644 --- a/common/property_contexts +++ b/common/property_contexts 
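Review bot: Replacing `rw_file_perms` with `create_file_perms` on configfs:file in common/init.te adds create, rename, setattr and unlink for init on every configfs file, and the existing `#For configfs file permission` comment does not say which of those is needed. If the denial being fixed was for a single permission, add just that one, for example `allow init configfs:file { rw_file_perms create link };`. Name the configfs node in the comment as well, the way the cgroup rule added lower in this file does.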
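Review bot: `set_prop(qti_init_shell, dalvik_prop)` in common/init_shell.te lets the vendor init shell domain set properties of the dalvik_prop type, and it is slipped into the middle of the set_prop list with no comment. These are presumably runtime tuning values read well outside the vendor domain, so the grant deserves a comment naming the script and property that need it, e.g. `# <script name> sets <property name> per target`. If only one property is involved, a dedicated property type for it would be narrower than the whole dalvik_prop type.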
@@ -47,7 +47,7 @@ ctl.qti u:object_r:qti_prop:s0 ctl.sensors u:object_r:sensors_prop:s0 ctl.vendor.msm_irqbalance u:object_r:msm_irqbalance_prop:s0 ctl.vendor.msm_irqbl_sdm630 u:object_r:msm_irqbl_sdm630_prop:s0 -ctl.msm_irqbal_lb u:object_r:msm_irqbalance_prop:s0 +ctl.vendor.msm_irqbal_lb u:object_r:msm_irqbalance_prop:s0 camera. u:object_r:camera_prop:s0 persist.camera. u:object_r:camera_prop:s0 vendor.spcom. u:object_r:spcomlib_prop:s0 diff --git a/common/rmt_storage.te b/common/rmt_storage.te index 4a300e21..b56cb64c 100644 --- a/common/rmt_storage.te +++ b/common/rmt_storage.te @@ -39,5 +39,6 @@ allow rmt_storage qti_debugfs:dir r_dir_perms; allow rmt_storage qti_debugfs:file rw_file_perms; ') -allow rmt_storage sysfs:dir r_dir_perms; -allow rmt_storage sysfs:file r_file_perms; +#sysfs_uio +r_dir_file(rmt_storage, sysfs_uio) +r_dir_file(rmt_storage, sysfs_uio_file) diff --git a/common/surfaceflinger.te b/common/surfaceflinger.te index 66b57e21..75d2983f 100644 --- a/common/surfaceflinger.te +++ b/common/surfaceflinger.te @@ -27,6 +27,10 @@ binder_call(surfaceflinger, mmi) #Allow access to cameraserver service allow surfaceflinger cameraserver_service:service_manager find; + +#Allow access to binder callback's to camera hal +binder_call(surfaceflinger, hal_camera_default) + #diag userdebug_or_eng(` diag_use(surfaceflinger) |
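Review bot: The common/rmt_storage.te hunk removes `allow rmt_storage sysfs:dir r_dir_perms;` without showing how the daemon still reaches the uio nodes, which according to the file_contexts entries in this commit live under `/sys/devices(/platform)?/soc/...`. Replacing the blanket sysfs read with `r_dir_file` on sysfs_uio and sysfs_uio_file is the right direction, but the parent directories presumably keep the generic sysfs label, so confirm from a boot log that rmt_storage can still traverse them. If it cannot, add only `allow rmt_storage sysfs:dir search;`, not the removed rules. The `#sysfs_uio` comment could also say what is read, e.g. `# read rmtfs shared-memory uio attributes`.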