sm7250-common: sepolicy: Properly address multiple denials
This commit is contained in:
parent
1ea059b2ea
commit
dd25b98a11
1
sepolicy/vendor/hal_audio_default.te
vendored
1
sepolicy/vendor/hal_audio_default.te
vendored
@ -12,3 +12,4 @@ set_prop(hal_audio_default, vendor_audio_prop)
|
|||||||
|
|
||||||
allow hal_audio_default audio_socket:sock_file rw_file_perms;
|
allow hal_audio_default audio_socket:sock_file rw_file_perms;
|
||||||
allow hal_audio_default system_suspend_hwservice:hwservice_manager find;
|
allow hal_audio_default system_suspend_hwservice:hwservice_manager find;
|
||||||
|
allow hal_audio_default vendor_diag_device:chr_file { read write };
|
1
sepolicy/vendor/hal_graphics_composer_default.te
vendored
Normal file
1
sepolicy/vendor/hal_graphics_composer_default.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
allow hal_graphics_composer_default vendor_diag_device:chr_file { open read write ioctl };
|
2
sepolicy/vendor/mi_thermald.te
vendored
2
sepolicy/vendor/mi_thermald.te
vendored
@ -15,6 +15,7 @@ r_dir_file(mi_thermald, vendor_sysfs_graphics)
|
|||||||
r_dir_file(mi_thermald, vendor_sysfs_kgsl)
|
r_dir_file(mi_thermald, vendor_sysfs_kgsl)
|
||||||
r_dir_file(mi_thermald, sysfs_leds)
|
r_dir_file(mi_thermald, sysfs_leds)
|
||||||
r_dir_file(mi_thermald, sysfs_thermal)
|
r_dir_file(mi_thermald, sysfs_thermal)
|
||||||
|
r_dir_file(mi_thermald, sysfs)
|
||||||
|
|
||||||
# Allow mi_thermald to read and write to sysfs_*
|
# Allow mi_thermald to read and write to sysfs_*
|
||||||
allow mi_thermald {
|
allow mi_thermald {
|
||||||
@ -23,6 +24,7 @@ allow mi_thermald {
|
|||||||
vendor_sysfs_graphics
|
vendor_sysfs_graphics
|
||||||
vendor_sysfs_kgsl
|
vendor_sysfs_kgsl
|
||||||
sysfs_thermal
|
sysfs_thermal
|
||||||
|
sysfs
|
||||||
}:{
|
}:{
|
||||||
file
|
file
|
||||||
lnk_file
|
lnk_file
|
||||||
|
2
sepolicy/vendor/rild.te
vendored
2
sepolicy/vendor/rild.te
vendored
@ -1 +1,3 @@
|
|||||||
set_prop(rild, deviceid_prop)
|
set_prop(rild, deviceid_prop)
|
||||||
|
get_prop(rild, vendor_pd_locater_dbg_prop)
|
||||||
|
allow rild vendor_diag_device:chr_file { open read write ioctl };
|
3
sepolicy/vendor/system_server.te
vendored
3
sepolicy/vendor/system_server.te
vendored
@ -1,5 +1,6 @@
|
|||||||
allow system_server proc_last_kmsg:file r_file_perms;
|
allow system_server proc_last_kmsg:file r_file_perms;
|
||||||
|
|
||||||
allow system_server vendor_sysfs_battery_supply:file { getattr open read };
|
allow system_server vendor_sysfs_battery_supply:file { getattr open read };
|
||||||
|
allow system_server system_server:capability { sys_module };
|
||||||
|
allow system_server vendor_proc_shs:dir search;
|
||||||
get_prop(system_server, vendor_display_notch_prop)
|
get_prop(system_server, vendor_display_notch_prop)
|
||||||
|
1
sepolicy/vendor/turbo_adapter.te
vendored
Normal file
1
sepolicy/vendor/turbo_adapter.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
dontaudit turbo_adapter default_android_hwservice:hwservice_manager { find };
|
1
sepolicy/vendor/vendor_dpmd.te
vendored
Normal file
1
sepolicy/vendor/vendor_dpmd.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
allow vendor_dpmd vendor_diag_device:chr_file { open read write ioctl };
|
1
sepolicy/vendor/vendor_hal_imsrtp.te
vendored
Normal file
1
sepolicy/vendor/vendor_hal_imsrtp.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
allow vendor_hal_imsrtp vendor_diag_device:chr_file { open read write ioctl };
|
1
sepolicy/vendor/vendor_hal_rcsservice.te
vendored
Normal file
1
sepolicy/vendor/vendor_hal_rcsservice.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
allow vendor_hal_rcsservice vendor_diag_device:chr_file { open read write ioctl };
|
1
sepolicy/vendor/vendor_ims.te
vendored
Normal file
1
sepolicy/vendor/vendor_ims.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
allow vendor_ims vendor_diag_device:chr_file { open read write ioctl };
|
3
sepolicy/vendor/vendor_qtidataservices_app.te
vendored
Normal file
3
sepolicy/vendor/vendor_qtidataservices_app.te
vendored
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
allow vendor_qtidataservices_app unlabeled:file { read };
|
||||||
|
|
||||||
|
get_prop(vendor_qtidataservices_app, vendor_default_prop)
|
1
sepolicy/vendor/vendor_sensors_qti.te
vendored
Normal file
1
sepolicy/vendor/vendor_sensors_qti.te
vendored
Normal file
@ -0,0 +1 @@
|
|||||||
|
allow vendor_sensors_qti vendor_diag_device:chr_file { open read write ioctl };
|
Loading…
Reference in New Issue
Block a user