msm8953-common: Update sepolicy for P

Change-Id: Iad4dfe5bce333b2e94e794097314187caa4c5918

msm8953-common: Update sepolicy for P
2f6d9c4c · Artem Borisov · 729852a2 · 2f6d9c4c · 2f6d9c4c · 2f6d9c4c
Commit 2f6d9c4c authored 6 years ago by Artem Borisov
--- a/sepolicy/app.te
+++ b/sepolicy/app.te
+# Allow appdomain to get vendor_camera_prop
+get_prop(appdomain, vendor_camera_prop)
+
--- a/sepolicy/file.te
+++ b/sepolicy/file.te
+# Boot reason
+type proc_boot_reason, fs_type;
+
 # Camera
 type camera_socket, file_type, data_file_type;


--- a/sepolicy/file_contexts
+++ b/sepolicy/file_contexts
+# Audio
+/data/vendor/misc/audio(/.*)?         u:object_r:vendor_audio_data_file:s0
+
 # Camera
 /data/camera(/.*)?                    u:object_r:camera_socket:s0

+# Connectivity
+/data/connectivity(/.*)?              u:object_r:cnd_data_file:s0
+
 # Fpc Fingerprint
 /data/fpc(/.*)?					u:object_r:fpc_data_file:s0
 /dev/socket/fpce(/.*)?				u:object_r:fpce_socket:s0
@@ -11,6 +17,12 @@
 /data/gf_data(/.*)?                             u:object_r:gx_fpd_data_file:s0
 /persist/data/gxfp(/.*)?			u:object_r:gx_fpd_data_file:s0

+# HALs
+/(vendor|system/vendor)/bin/hw/android\.hardware\.drm@1\.0-service\.widevine         u:object_r:hal_drm_widevine_exec:s0
+
+# Location
+/data/vendor/location/xtra/socket_hal_xtra    u:object_r:location_socket:s0
+
 # Rild
 /(vendor|system/vendor)/radio/qcril_database/qcril.db			u:object_r:rild_file:s0


--- a/sepolicy/genfs_contexts
+++ b/sepolicy/genfs_contexts
+# Boot reason
+genfscon proc  /sys/kernel/boot_reason   u:object_r:proc_boot_reason:s0
+
+# Power
+genfscon sysfs /devices/soc/soc:qcom,bcl/power_supply                u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/soc/msm-bcl-21/power_supply                  u:object_r:sysfs_batteryinfo:s0
+genfscon sysfs /devices/soc/qpnp-typec-9/power_supply                  u:object_r:sysfs_batteryinfo:s0
+
 # Rmt
 genfscon debugfs /rmt_storage	u:object_r:debugfs_rmt:s0

+# SSR
+genfscon sysfs /devices/soc/soc:qcom,kgsl-hyp/subsys0/name   u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/1de0000.qcom,venus/subsys1/name  u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/c200000.qcom,lpass/subsys2/name  u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/a21b000.qcom,pronto/subsys3/name u:object_r:sysfs_ssr:s0
+genfscon sysfs /devices/soc/4080000.qcom,mss/subsys4/name    u:object_r:sysfs_ssr:s0
+
 # Touchscreen
 genfscon proc /touchpanel	u:object_r:proc_touchpanel:s0
--- a/sepolicy/hal_drm_default.te
+++ b/sepolicy/hal_drm_default.te
+allow hal_drm_default media_data_file:dir create_dir_perms;
+allow hal_drm_default media_data_file:file create_file_perms;
--- a/sepolicy/hal_drm_widevine.te
+++ b/sepolicy/hal_drm_widevine.te
+allow hal_drm_widevine media_data_file:dir create_dir_perms;
+allow hal_drm_widevine media_data_file:file create_file_perms;
--- a/sepolicy/init.te
+++ b/sepolicy/init.te
+allow init proc_boot_reason:file r_file_perms;
--- a/sepolicy/mm-qcamerad.te
+++ b/sepolicy/mm-qcamerad.te
@@ -3,3 +3,5 @@ type_transition mm-qcamerad camera_data_file:sock_file camera_socket "cam_socket
 allow mm-qcamerad camera_socket:dir w_dir_perms;
 allow mm-qcamerad camera_socket:sock_file { create unlink write };
 allow mm-qcamerad sysfs_graphics:file r_file_perms;
+allow mm-qcamerad camera_data_file:file create_file_perms;
+allow mm-qcamerad camera_data_file:dir w_dir_perms;
--- a/sepolicy/netmgrd.te
+++ b/sepolicy/netmgrd.te
+set_prop(netmgrd, vendor_xlat_prop)
--- a/sepolicy/property_contexts
+++ b/sepolicy/property_contexts
+sys.listeners.registered   u:object_r:vendor_tee_listener_prop:s0
+sys.post_boot.parsed       u:object_r:vendor_mpctl_prop:s0
+persist.net.doxlat         u:object_r:vendor_xlat_prop:s0
+camera.dual.mode           u:object_r:camera_prop:s0
--- a/sepolicy/qti_init_shell.te
+++ b/sepolicy/qti_init_shell.te
-allow qti_init_shell proc_touchpanel:dir { rw_dir_perms setattr };
+allow qti_init_shell proc_touchpanel:dir { r_dir_perms setattr };
 allow qti_init_shell proc_touchpanel:file { getattr setattr };
 allow qti_init_shell bluetooth_data_file:file r_file_perms;
 allow qti_init_shell hci_attach_dev:chr_file rw_file_perms;
--- a/sepolicy/system_server.te
+++ b/sepolicy/system_server.te
+get_prop(system_server, vendor_camera_prop)
+
 allow system_server proc_touchpanel:dir search;
 allow system_server proc_touchpanel:file rw_file_perms;
--- a/sepolicy/time_daemon.te
+++ b/sepolicy/time_daemon.te
+allow time_daemon time_data_file:file create_file_perms;
+allow time_daemon time_data_file:dir w_dir_perms;
--- a/sepolicy/vendor_init.te
+++ b/sepolicy/vendor_init.te
+allow vendor_init {
+  bluetooth_data_file
+  camera_data_file
+  media_rw_data_file
+  nfc_data_file
+  system_data_file
+  time_data_file
+  wifi_data_file
+  wpa_socket
+}:dir { create search getattr open read setattr ioctl write add_name remove_name rmdir relabelfrom };