sm8150-common: {sepolicy,rootdir}: Address denials in DeviceSettings
Guides that helped fix these: - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/SELinux_Guide/rhlcommon-section-0023.html - https://msfjarvis.website/posts/understanding-and-resolving-selinux-denials-on-android - https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/SELinux_Guide/selg-part-0057.html Signed-off-by: Anirudh Gupta <anirudhgupta109@aosip.dev>
This commit is contained in:
Anirudh Gupta
Anirudh Gupta
parent
756dd639af
commit
502ed6474f
|
|
@ -76,6 +76,8 @@ on init
|
||||||
|
|
||||||
on post-fs
|
on post-fs
|
||||||
chmod 0755 /sys/kernel/debug/tracing
|
chmod 0755 /sys/kernel/debug/tracing
|
||||||
|
# Vibrator
|
||||||
|
chown system system /sys/devices/platform/soc/89c000.i2c/i2c-2/2-005a/leds/vibrator/level
|
||||||
|
|
||||||
on early-boot
|
on early-boot
|
||||||
# set RLIMIT_MEMLOCK to 64MB
|
# set RLIMIT_MEMLOCK to 64MB
|
||||||
|
|
@ -168,6 +170,31 @@ on boot
|
||||||
chmod 0666 /dev/qseecom
|
chmod 0666 /dev/qseecom
|
||||||
chmod 0666 /dev/goodix_fp
|
chmod 0666 /dev/goodix_fp
|
||||||
|
|
||||||
|
# Graphics
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/modes
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/modes
|
||||||
|
# DCI-P3
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_p3_mode
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_p3_mode
|
||||||
|
# sRGB
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_srgb_color_mode
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_srgb_color_mode
|
||||||
|
# Wide Colour mode
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_wide_color_mode
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_wide_color_mode
|
||||||
|
# Night mode
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/night_mode
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/night_mode
|
||||||
|
# High Brightness Mode
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm
|
||||||
|
# DC-Dimming
|
||||||
|
chmod 0660 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dimlayer_bl_en
|
||||||
|
chown system system /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dimlayer_bl_en
|
||||||
|
# FPS Info
|
||||||
|
chown system graphics /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps
|
||||||
|
chmod 0666 /sys/devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/sde-crtc-0/measured_fps
|
||||||
|
|
||||||
chown bluetooth net_bt /sys/class/rfkill/rfkill0/device/extldo
|
chown bluetooth net_bt /sys/class/rfkill/rfkill0/device/extldo
|
||||||
chmod 0660 /sys/class/rfkill/rfkill0/device/extldo
|
chmod 0660 /sys/class/rfkill/rfkill0/device/extldo
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,11 +1,20 @@
|
||||||
genfscon proc /sensor u:object_r:proc_sensor:s0
|
genfscon proc /sensor u:object_r:proc_sensor:s0
|
||||||
genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
|
genfscon proc /touchpanel u:object_r:proc_touchpanel:s0
|
||||||
genfscon proc /ultrasound u:object_r:proc_ultrasound:s0
|
genfscon proc /ultrasound u:object_r:proc_ultrasound:s0
|
||||||
|
|
||||||
genfscon sysfs /devices/platform/soc/89c000.i2c/i2c-2/2-005a/leds/vibrator u:object_r:sysfs_vibrator:s0
|
genfscon sysfs /devices/platform/soc/89c000.i2c/i2c-2/2-005a/leds/vibrator u:object_r:sysfs_vibrator:s0
|
||||||
|
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/aod u:object_r:sysfs_aod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/aod u:object_r:sysfs_aod:s0
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/aod_disable u:object_r:sysfs_aod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/aod_disable u:object_r:sysfs_aod:s0
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dim_alpha u:object_r:sysfs_fod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dim_alpha u:object_r:sysfs_fod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/dimlayer_bl_en u:object_r:sysfs_aod:s0
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm u:object_r:sysfs_fod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/hbm u:object_r:sysfs_fod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_customer_srgb_mode u:object_r:sysfs_aod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_customer_p3_mode u:object_r:sysfs_aod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_p3_mode u:object_r:sysfs_aod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_srgb_color_mode u:object_r:sysfs_aod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/native_display_wide_color_mode u:object_r:sysfs_aod:s0
|
||||||
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/night_mode u:object_r:sysfs_aod:s0
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_aod u:object_r:sysfs_aod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_aod u:object_r:sysfs_aod:s0
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_dim u:object_r:sysfs_fod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_dim u:object_r:sysfs_fod:s0
|
||||||
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_fppress u:object_r:sysfs_fod:s0
|
genfscon sysfs /devices/platform/soc/ae00000.qcom,mdss_mdp/drm/card0/card0-DSI-1/notify_fppress u:object_r:sysfs_fod:s0
|
||||||
|
|
|
||||||
|
|
@ -0,0 +1,14 @@
|
||||||
|
# Allow system_app to read and write to sysfs_vibrator
|
||||||
|
allow system_app sysfs_vibrator:file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow system_app to read directories and attributes of sysfs_vibrator
|
||||||
|
allow system_app sysfs_vibrator:dir r_dir_perms;
|
||||||
|
|
||||||
|
# Allow system_app to read and write to sysfs_aod
|
||||||
|
allow system_app sysfs_aod:file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow system_app to read and write to sysfs_fod
|
||||||
|
allow system_app sysfs_fod:file rw_file_perms;
|
||||||
|
|
||||||
|
# Allow system_app to read, open and get attributes of sysfs_graphics
|
||||||
|
allow system_app sysfs_graphics:file { getattr open read };
|
||||||
Loading…
Reference in New Issue