sm7250-common: sepolicy: Properly address multiple denials

2022-06-16 19:50:51 +10:00 · 2022-06-16 19:50:51 +10:00 · dd25b98a11
commit dd25b98a11
parent 1ea059b2ea
12 changed files with 17 additions and 1 deletions
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@ -12,3 +12,4 @@ set_prop(hal_audio_default, vendor_audio_prop)

 allow hal_audio_default audio_socket:sock_file rw_file_perms;
 allow hal_audio_default system_suspend_hwservice:hwservice_manager find;
+allow hal_audio_default vendor_diag_device:chr_file { read write };
--- a/sepolicy/vendor/hal_graphics_composer_default.te
+++ b/sepolicy/vendor/hal_graphics_composer_default.te
@ -0,0 +1 @@
+allow hal_graphics_composer_default vendor_diag_device:chr_file { open read write ioctl };
--- a/sepolicy/vendor/mi_thermald.te
+++ b/sepolicy/vendor/mi_thermald.te
@ -15,6 +15,7 @@ r_dir_file(mi_thermald, vendor_sysfs_graphics)
 r_dir_file(mi_thermald, vendor_sysfs_kgsl)
 r_dir_file(mi_thermald, sysfs_leds)
 r_dir_file(mi_thermald, sysfs_thermal)
+r_dir_file(mi_thermald, sysfs)

 # Allow mi_thermald to read and write to sysfs_*
 allow mi_thermald {
@ -23,6 +24,7 @@ allow mi_thermald {
  vendor_sysfs_graphics
  vendor_sysfs_kgsl
  sysfs_thermal
+  sysfs
 }:{
  file
  lnk_file
--- a/sepolicy/vendor/rild.te
+++ b/sepolicy/vendor/rild.te
@ -1 +1,3 @@
 set_prop(rild, deviceid_prop)
+get_prop(rild, vendor_pd_locater_dbg_prop)
+allow rild vendor_diag_device:chr_file { open read write ioctl };
--- a/sepolicy/vendor/system_server.te
+++ b/sepolicy/vendor/system_server.te
@ -1,5 +1,6 @@
 allow system_server proc_last_kmsg:file r_file_perms;

 allow system_server vendor_sysfs_battery_supply:file { getattr open read };
-
+allow system_server system_server:capability { sys_module };
+allow system_server vendor_proc_shs:dir search;
 get_prop(system_server, vendor_display_notch_prop)
--- a/sepolicy/vendor/turbo_adapter.te
+++ b/sepolicy/vendor/turbo_adapter.te
@ -0,0 +1 @@
+dontaudit turbo_adapter default_android_hwservice:hwservice_manager { find };
--- a/sepolicy/vendor/vendor_dpmd.te
+++ b/sepolicy/vendor/vendor_dpmd.te
@ -0,0 +1 @@
+allow vendor_dpmd vendor_diag_device:chr_file { open read write ioctl };
--- a/sepolicy/vendor/vendor_hal_imsrtp.te
+++ b/sepolicy/vendor/vendor_hal_imsrtp.te
@ -0,0 +1 @@
+allow vendor_hal_imsrtp vendor_diag_device:chr_file { open read write ioctl };
--- a/sepolicy/vendor/vendor_hal_rcsservice.te
+++ b/sepolicy/vendor/vendor_hal_rcsservice.te
@ -0,0 +1 @@
+allow vendor_hal_rcsservice vendor_diag_device:chr_file { open read write ioctl };
--- a/sepolicy/vendor/vendor_ims.te
+++ b/sepolicy/vendor/vendor_ims.te
@ -0,0 +1 @@
+allow vendor_ims vendor_diag_device:chr_file { open read write ioctl };
--- a/sepolicy/vendor/vendor_qtidataservices_app.te
+++ b/sepolicy/vendor/vendor_qtidataservices_app.te
@ -0,0 +1,3 @@
+allow vendor_qtidataservices_app unlabeled:file { read };
+
+get_prop(vendor_qtidataservices_app, vendor_default_prop)
--- a/sepolicy/vendor/vendor_sensors_qti.te
+++ b/sepolicy/vendor/vendor_sensors_qti.te
@ -0,0 +1 @@
+allow vendor_sensors_qti vendor_diag_device:chr_file { open read write ioctl };
				`@ -0,0 +1 @@`
				`allow hal_graphics_composer_default vendor_diag_device:chr_file { open read write ioctl };`
				`@ -0,0 +1 @@`
				`dontaudit turbo_adapter default_android_hwservice:hwservice_manager { find };`
				`@ -0,0 +1 @@`
				`allow vendor_dpmd vendor_diag_device:chr_file { open read write ioctl };`
				`@ -0,0 +1 @@`
				`allow vendor_hal_imsrtp vendor_diag_device:chr_file { open read write ioctl };`
				`@ -0,0 +1 @@`
				`allow vendor_hal_rcsservice vendor_diag_device:chr_file { open read write ioctl };`
				`@ -0,0 +1 @@`
				`allow vendor_ims vendor_diag_device:chr_file { open read write ioctl };`
				`@ -0,0 +1 @@`
				`allow vendor_sensors_qti vendor_diag_device:chr_file { open read write ioctl };`