From dd25b98a11361b3ee3e6324ecb3cc7cc791f9fa4 Mon Sep 17 00:00:00 2001 From: mikairyuu Date: Thu, 16 Jun 2022 19:50:51 +1000 Subject: [PATCH] sm7250-common: sepolicy: Properly address multiple denials --- sepolicy/vendor/hal_audio_default.te | 1 + sepolicy/vendor/hal_graphics_composer_default.te | 1 + sepolicy/vendor/mi_thermald.te | 2 ++ sepolicy/vendor/rild.te | 2 ++ sepolicy/vendor/system_server.te | 3 ++- sepolicy/vendor/turbo_adapter.te | 1 + sepolicy/vendor/vendor_dpmd.te | 1 + sepolicy/vendor/vendor_hal_imsrtp.te | 1 + sepolicy/vendor/vendor_hal_rcsservice.te | 1 + sepolicy/vendor/vendor_ims.te | 1 + sepolicy/vendor/vendor_qtidataservices_app.te | 3 +++ sepolicy/vendor/vendor_sensors_qti.te | 1 + 12 files changed, 17 insertions(+), 1 deletion(-) create mode 100644 sepolicy/vendor/hal_graphics_composer_default.te create mode 100644 sepolicy/vendor/turbo_adapter.te create mode 100644 sepolicy/vendor/vendor_dpmd.te create mode 100644 sepolicy/vendor/vendor_hal_imsrtp.te create mode 100644 sepolicy/vendor/vendor_hal_rcsservice.te create mode 100644 sepolicy/vendor/vendor_ims.te create mode 100644 sepolicy/vendor/vendor_qtidataservices_app.te create mode 100644 sepolicy/vendor/vendor_sensors_qti.te diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te index a981cff..98e9624 100644 --- a/sepolicy/vendor/hal_audio_default.te +++ b/sepolicy/vendor/hal_audio_default.te @@ -12,3 +12,4 @@ set_prop(hal_audio_default, vendor_audio_prop) allow hal_audio_default audio_socket:sock_file rw_file_perms; allow hal_audio_default system_suspend_hwservice:hwservice_manager find; +allow hal_audio_default vendor_diag_device:chr_file { read write }; \ No newline at end of file diff --git a/sepolicy/vendor/hal_graphics_composer_default.te b/sepolicy/vendor/hal_graphics_composer_default.te new file mode 100644 index 0000000..765e395 --- /dev/null +++ b/sepolicy/vendor/hal_graphics_composer_default.te 
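Review bot: The rule added to hal_audio_default.te gives a production HAL domain read/write on `vendor_diag_device`, and the same grant (with `open` and `ioctl` as well) is repeated later in this patch for hal_graphics_composer_default, rild, vendor_dpmd, vendor_hal_imsrtp, vendor_hal_rcsservice, vendor_ims and vendor_sensors_qti. The diag node is a debug interface, and denials like these typically come from vendor blobs trying to log, so the services presumably work without it. Silencing is safer than allowing, e.g. `dontaudit hal_audio_default vendor_diag_device:chr_file rw_file_perms;`, or wrap the allow in `userdebug_or_eng(...)` if diag logging is wanted on debug builds only. If one of these domains really needs diag on user builds, a comment above its rule should say why, and the `ioctl` grant is not narrowed by any `allowxperm` rule in the visible lines.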
@@ -0,0 +1 @@ +allow hal_graphics_composer_default vendor_diag_device:chr_file { open read write ioctl }; \ No newline at end of file diff --git a/sepolicy/vendor/mi_thermald.te b/sepolicy/vendor/mi_thermald.te index 869d1b9..bc9313a 100644 --- a/sepolicy/vendor/mi_thermald.te +++ b/sepolicy/vendor/mi_thermald.te @@ -15,6 +15,7 @@ r_dir_file(mi_thermald, vendor_sysfs_graphics) r_dir_file(mi_thermald, vendor_sysfs_kgsl) r_dir_file(mi_thermald, sysfs_leds) r_dir_file(mi_thermald, sysfs_thermal) +r_dir_file(mi_thermald, sysfs) # Allow mi_thermald to read and write to sysfs_* allow mi_thermald { @@ -23,6 +24,7 @@ allow mi_thermald { vendor_sysfs_graphics vendor_sysfs_kgsl sysfs_thermal + sysfs }:{ file lnk_file diff --git a/sepolicy/vendor/rild.te b/sepolicy/vendor/rild.te index 0c072df..deb3879 100644 --- a/sepolicy/vendor/rild.te +++ b/sepolicy/vendor/rild.te @@ -1 +1,3 @@ set_prop(rild, deviceid_prop) +get_prop(rild, vendor_pd_locater_dbg_prop) +allow rild vendor_diag_device:chr_file { open read write ioctl }; \ No newline at end of file diff --git a/sepolicy/vendor/system_server.te b/sepolicy/vendor/system_server.te index 7c0754b..ac783bd 100644 --- a/sepolicy/vendor/system_server.te +++ b/sepolicy/vendor/system_server.te @@ -1,5 +1,6 @@ allow system_server proc_last_kmsg:file r_file_perms; allow system_server vendor_sysfs_battery_supply:file { getattr open read }; - +allow system_server system_server:capability { sys_module }; +allow system_server vendor_proc_shs:dir search; get_prop(system_server, vendor_display_notch_prop) diff --git a/sepolicy/vendor/turbo_adapter.te b/sepolicy/vendor/turbo_adapter.te new file mode 100644 index 0000000..d51953b --- /dev/null +++ b/sepolicy/vendor/turbo_adapter.te @@ -0,0 +1 @@ +dontaudit turbo_adapter default_android_hwservice:hwservice_manager { find }; \ No newline at end of file diff --git a/sepolicy/vendor/vendor_dpmd.te b/sepolicy/vendor/vendor_dpmd.te new file mode 100644 index 0000000..fb714ab --- /dev/null 
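Review bot: Both mi_thermald.te hunks add the generic `sysfs` type, first as `r_dir_file(mi_thermald, sysfs)` and then inside the type set of the read/write `allow mi_thermald { ... }` rule, which opens every sysfs node without a more specific label to the thermal daemon. The denial is better fixed by labelling the one node it hit in genfs_contexts, with `sysfs_thermal` or a new vendor type, and leaving `sysfs` out of both rules. The permission list of the allow rule lies outside the second hunk, so how much write access this adds cannot be confirmed from here.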
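Review bot: `allow system_server system_server:capability { sys_module };` in system_server.te grants the main framework process the capability to load and unload kernel modules, which is far more than a denial fix should hand out. A sys_module denial on a process that does not load modules itself is usually a side effect of the kernel attempting a module auto-load on its behalf, so the line should most likely be `dontaudit system_server self:capability sys_module;`. The `vendor_proc_shs:dir search` rule next to it would benefit from a one-line comment naming the denial it addresses.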
+++ b/sepolicy/vendor/vendor_dpmd.te
@@ -0,0 +1 @@
+allow vendor_dpmd vendor_diag_device:chr_file { open read write ioctl };
\ No newline at end of file
diff --git a/sepolicy/vendor/vendor_hal_imsrtp.te b/sepolicy/vendor/vendor_hal_imsrtp.te
new file mode 100644
index 0000000..2b0bb11
--- /dev/null
+++ b/sepolicy/vendor/vendor_hal_imsrtp.te
@@ -0,0 +1 @@
+allow vendor_hal_imsrtp vendor_diag_device:chr_file { open read write ioctl };
\ No newline at end of file
diff --git a/sepolicy/vendor/vendor_hal_rcsservice.te b/sepolicy/vendor/vendor_hal_rcsservice.te
new file mode 100644
index 0000000..0dce3e0
--- /dev/null
+++ b/sepolicy/vendor/vendor_hal_rcsservice.te
@@ -0,0 +1 @@
+allow vendor_hal_rcsservice vendor_diag_device:chr_file { open read write ioctl };
\ No newline at end of file
diff --git a/sepolicy/vendor/vendor_ims.te b/sepolicy/vendor/vendor_ims.te
new file mode 100644
index 0000000..8f775e6
--- /dev/null
+++ b/sepolicy/vendor/vendor_ims.te
@@ -0,0 +1 @@
+allow vendor_ims vendor_diag_device:chr_file { open read write ioctl };
\ No newline at end of file
diff --git a/sepolicy/vendor/vendor_qtidataservices_app.te b/sepolicy/vendor/vendor_qtidataservices_app.te
new file mode 100644
index 0000000..de48543
--- /dev/null
+++ b/sepolicy/vendor/vendor_qtidataservices_app.te
@@ -0,0 +1,3 @@
+allow vendor_qtidataservices_app unlabeled:file { read };
+
+get_prop(vendor_qtidataservices_app, vendor_default_prop)
\ No newline at end of file
diff --git a/sepolicy/vendor/vendor_sensors_qti.te b/sepolicy/vendor/vendor_sensors_qti.te
new file mode 100644
index 0000000..5b6076b
--- /dev/null
+++ b/sepolicy/vendor/vendor_sensors_qti.te
@@ -0,0 +1 @@
+allow vendor_sensors_qti vendor_diag_device:chr_file { open read write ioctl };
\ No newline at end of file
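Review bot: In vendor_qtidataservices_app.te, `allow vendor_qtidataservices_app unlabeled:file { read };` grants access through the catch-all `unlabeled` type, so the app can read any file that has lost or never received a label, not only the one behind the denial. The durable fix is to give that file a context in file_contexts, relabel it, and allow read on the resulting type. `get_prop(vendor_qtidataservices_app, vendor_default_prop)` has the same shape: the property being read should get its own entry in property_contexts so the grant does not cover every vendor property that falls back to the default type.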