From afcc03d440ddad6deb0805ac4352cdf020396f43 Mon Sep 17 00:00:00 2001 From: mikairyuu Date: Tue, 25 Oct 2022 10:17:40 +1000 Subject: [PATCH] sm7250-common: sepolicy: address new denials --- sepolicy/vendor/hal_wifi_default.te | 4 ++++ sepolicy/vendor/hdvcp.te | 2 +- sepolicy/vendor/system_server.te | 2 ++ .../vendor/vendor_hal_capabilityconfigstore_qti_default.te | 4 ++++ sepolicy/vendor/vendor_hal_usb_qti.te | 1 + sepolicy/vendor/vendor_qti_init_shell.te | 3 ++- sepolicy/vendor/vendor_qtidataservices_app.te | 3 ++- 7 files changed, 16 insertions(+), 3 deletions(-) create mode 100644 sepolicy/vendor/hal_wifi_default.te create mode 100644 sepolicy/vendor/vendor_hal_capabilityconfigstore_qti_default.te create mode 100644 sepolicy/vendor/vendor_hal_usb_qti.te diff --git a/sepolicy/vendor/hal_wifi_default.te b/sepolicy/vendor/hal_wifi_default.te new file mode 100644 index 0000000..23d93e5 --- /dev/null +++ b/sepolicy/vendor/hal_wifi_default.te @@ -0,0 +1,4 @@ +allow hal_wifi_default self:capability sys_module; + + +allow hal_wifi_default persist_vendor_debug_wifi_prop:file { read }; \ No newline at end of file diff --git a/sepolicy/vendor/hdvcp.te b/sepolicy/vendor/hdvcp.te index d95fa0d..1068d3b 100644 --- a/sepolicy/vendor/hdvcp.te +++ b/sepolicy/vendor/hdvcp.te @@ -1,2 +1,2 @@ -allow vendor_hvdcp sysfs:file { getattr read }; +allow vendor_hvdcp sysfs:file { getattr read open write}; allow vendor_hvdcp kmsg_device:chr_file rw_file_perms; \ No newline at end of file diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index ac783bd..30c25c3 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te @@ -1,5 +1,7 @@ allow system_server proc_last_kmsg:file r_file_perms; +allow system_server sysfs:file { read }; + allow system_server vendor_sysfs_battery_supply:file { getattr open read }; allow system_server system_server:capability { sys_module }; allow system_server vendor_proc_shs:dir search; diff --git a/sepolicy/vendor/vendor_hal_capabilityconfigstore_qti_default.te b/sepolicy/vendor/vendor_hal_capabilityconfigstore_qti_default.te new file mode 100644 index 0000000..5626f48 --- /dev/null +++ b/sepolicy/vendor/vendor_hal_capabilityconfigstore_qti_default.te @@ -0,0 +1,4 @@ + + +# Allow vendor_hal_capabilityconfigstore_qti_default to read, open, map and get attributes in vendor_cap_configstore_dbg_prop +allow vendor_hal_capabilityconfigstore_qti_default vendor_cap_configstore_dbg_prop:file { getattr map open read }; \ No newline at end of file diff --git a/sepolicy/vendor/vendor_hal_usb_qti.te b/sepolicy/vendor/vendor_hal_usb_qti.te new file mode 100644 index 0000000..cba3a0b --- /dev/null +++ b/sepolicy/vendor/vendor_hal_usb_qti.te @@ -0,0 +1 @@ +allow vendor_hal_usb_qti vendor_default_prop:property_service { set }; \ No newline at end of file diff --git a/sepolicy/vendor/vendor_qti_init_shell.te b/sepolicy/vendor/vendor_qti_init_shell.te index 012b282..a2462eb 100644 --- a/sepolicy/vendor/vendor_qti_init_shell.te +++ b/sepolicy/vendor/vendor_qti_init_shell.te @@ -8,4 +8,5 @@ allow vendor_qti_init_shell vendor_bluetooth_prop:property_service set; allow vendor_qti_init_shell vendor_wifi_vendor_data_file:dir search; allow vendor_qti_init_shell vendor_wifi_vendor_data_file:file r_file_perms; -allow vendor_qti_init_shell sysfs_wakeup:file setattr; \ No newline at end of file +allow vendor_qti_init_shell sysfs_wakeup:file setattr; +allow vendor_qti_init_shell proc_watermark_scale_factor:file w_file_perms; \ No newline at end of file diff --git a/sepolicy/vendor/vendor_qtidataservices_app.te b/sepolicy/vendor/vendor_qtidataservices_app.te index de48543..754b366 100644 --- a/sepolicy/vendor/vendor_qtidataservices_app.te +++ b/sepolicy/vendor/vendor_qtidataservices_app.te @@ -1,3 +1,4 @@ allow vendor_qtidataservices_app unlabeled:file { read }; -get_prop(vendor_qtidataservices_app, vendor_default_prop) \ No newline at end of file +get_prop(vendor_qtidataservices_app, vendor_default_prop) +get_prop(vendor_qtidataservices_app, default_prop) \ No newline at end of file