sm8150-common: sepolicy: Fix build errors

Change-Id: I134769ab240097f779cc6bb4254ef1a0ab90b101
2020-10-12 20:40:21 +02:00 · 2020-10-12 20:40:21 +02:00 · 75b9567bed
parent fc5247f4d8
commit 75b9567bed
17 changed files with 24 additions and 28 deletions
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@ -31,7 +31,7 @@
 # HALs
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.oneplus_msmnile           u:object_r:hal_fingerprint_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.oneplus_msmnile                             u:object_r:hal_light_default_exec:s0
-/(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-qti                                 u:object_r:hal_neuralnetworks_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.neuralnetworks@1\.1-service-qti                                 u:object_r:vendor_hal_neuralnetworks_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.secure_element@1\.1-service                                     u:object_r:hal_secure_element_default_exec:s0
 /(vendor|system/vendor)/bin/hw/android\.hardware\.sensors@1\.0-service\.oneplus_msmnile                           u:object_r:hal_sensors_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.dolby\.hardware\.dms@1\.0-service                                          u:object_r:hal_dms_default_exec:s0
@ -40,7 +40,7 @@
 /(vendor|system/vendor)/bin/hw/vendor\.lineage\.touch@1\.0-service\.oneplus_msmnile                               u:object_r:hal_lineage_touch_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.oneplus\.camera\.CameraHIDL@1\.0-service                                   u:object_r:hal_cameraHIDL_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.display@1\.0-service                                    u:object_r:hal_display_default_exec:s0
-/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.drmkey@1\.0-service                                     u:object_r:hal_drm_widevine_exec:s0
+/(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.drmkey@1\.0-service                                     u:object_r:vendor_hal_drm_widevine_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.hdcpkey@1\.0-service                                    u:object_r:hal_hdcpkey_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.ifaa@2\.0-service                                       u:object_r:hal_ifaa_default_exec:s0
 /(vendor|system/vendor)/bin/hw/vendor\.oneplus\.hardware\.param@1\.0-service                                      u:object_r:hal_param_default_exec:s0
@ -64,7 +64,7 @@
 /sys/devices/platform/soc/soc:fingerprint_detect/sensor_version    u:object_r:sysfs_fpc:s0
 /sys/devices/platform/soc/soc:tri_state_key/hall_data_calib        u:object_r:sysfs_tri_state_key:s0
 /sys/devices/platform/vendor/vendor:motor_pl(/.*)?                 u:object_r:sysfs_motor:s0
-/sys/elliptic/engine/calibration_v2                                u:object_r:sysfs_audio:s0
+/sys/elliptic/engine/calibration_v2                                u:object_r:vendor_sysfs_audio:s0
 /sys/firmware/devicetree/base/model                                u:object_r:sysfs_dtb_model:s0
 /sys/module/fsc(/.*)?                                              u:object_r:sysfs_fsc:s0
 /sys/module/stmvl53l1(/.*)?                                        u:object_r:sysfs_vl53l1:s0
--- a/sepolicy/vendor/hal_drm_widevine_default.te
+++ b/sepolicy/vendor/hal_drm_widevine_default.te
@ -1,2 +0,0 @@
-# Allow hal_drm_widevine to add hal_drmkey_hwservice
-allow hal_drm_widevine hal_drmkey_hwservice:hwservice_manager add;
--- a/sepolicy/vendor/hal_fingerprint_default.te
+++ b/sepolicy/vendor/hal_fingerprint_default.te
@ -3,20 +3,20 @@ allow hal_fingerprint_default self:netlink_socket create_socket_perms_no_ioctl;
 # Allow binder communication with hal_perf_default
 binder_call(hal_fingerprint_default, hal_perf_default)

-# Allow hal_fingerprint_default to find hal_perf_hwservice
-allow hal_fingerprint_default hal_perf_hwservice:hwservice_manager find;
+# Allow hal_fingerprint_default to find vendor_hal_perf_hwservice
+allow hal_fingerprint_default vendor_hal_perf_hwservice:hwservice_manager find;

 # Allow hal_fingerprint_default to read and write to fingerprintd_device
 allow hal_fingerprint_default fingerprintd_device:chr_file rw_file_perms;

-# Allow hal_fingerprint_default to read and write to qdsp_device
-allow hal_fingerprint_default qdsp_device:chr_file rw_file_perms;
+# Allow hal_fingerprint_default to read and write to vendor_qdsp_device
+allow hal_fingerprint_default vendor_qdsp_device:chr_file rw_file_perms;

 # Allow hal_fingerprint_default to read and write to tee_device
 allow hal_fingerprint_default tee_device:chr_file rw_file_perms;

-# Allow hal_fingerprint_default to read and write to xdsp_device
-allow hal_fingerprint_default xdsp_device:chr_file rw_file_perms;
+# Allow hal_fingerprint_default to read and write to vendor_xdsp_device
+allow hal_fingerprint_default vendor_xdsp_device:chr_file rw_file_perms;

 # Allow hal_fingerprint_default to read and write to proc_touchpanel
 allow hal_fingerprint_default proc_touchpanel:dir search;
--- a/sepolicy/vendor/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc_default.te
@ -8,9 +8,9 @@ allow hal_nfc_default hal_secure_element_hwservice:hwservice_manager find;
 allow hal_nfc_default proc_touchpanel:dir search;
 allow hal_nfc_default proc_touchpanel:file rw_file_perms;

-# Allow hal_nfc_default to read, write and create files in nfc_vendor_data_file
-allow hal_nfc_default nfc_vendor_data_file:dir search;
-allow hal_nfc_default nfc_vendor_data_file:file create_file_perms;
+# Allow hal_nfc_default to read, write and create files in vendor_nfc_vendor_data_file
+allow hal_nfc_default vendor_nfc_vendor_data_file:dir search;
+allow hal_nfc_default vendor_nfc_vendor_data_file:file create_file_perms;

 # Allow hal_nfc_default to get vendor_nfc_prop
 get_prop(hal_nfc_default, vendor_nfc_prop)
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@ -1,3 +1,2 @@
 type vendor_memplus_prop, property_type;
 type vendor_nfc_prop, property_type;
-type vendor_sensors_prop, property_type;
--- a/sepolicy/vendor/rmt_storage.te
+++ b/sepolicy/vendor/rmt_storage.te
@ -1,2 +0,0 @@
-# Allow rmt_storage to read and write to oem_block_device
-allow rmt_storage oem_block_device:blk_file rw_file_perms;
--- a/sepolicy/vendor/sensors.te
+++ b/sepolicy/vendor/sensors.te
@ -1,2 +0,0 @@
-# Allow sensors to get vendor_sensors_prop
-get_prop(sensors, vendor_sensors_prop)
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@ -12,6 +12,3 @@ allow system_app sysfs_fod:file rw_file_perms;

 # Allow system_app to read, open and get attributes of sysfs_graphics
 allow system_app sysfs_graphics:file { getattr open read };
-
-# allow system_app to interact with pasr hal
-hal_client_domain(system_app, hal_pasrmanager)
--- a/sepolicy/vendor/time_daemon.te
+++ b/sepolicy/vendor/time_daemon.te
@ -1 +0,0 @@
-allow time_daemon self:capability { setgid setuid };
--- a/sepolicy/vendor/vendor_hal_drm_widevine_default.te
+++ b/sepolicy/vendor/vendor_hal_drm_widevine_default.te
@ -0,0 +1,2 @@
+# Allow vendor_hal_drm_widevine to add hal_drmkey_hwservice
+allow vendor_hal_drm_widevine hal_drmkey_hwservice:hwservice_manager add;
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@ -5,7 +5,7 @@ allow vendor_init ion_device:chr_file rw_file_perms;
 allow vendor_init tee_device:chr_file rw_file_perms;

 # Allow vendor_init to write to sysfs_ssr_toggl
-allow vendor_init sysfs_ssr_toggle:file w_file_perms;
+allow vendor_init vendor_sysfs_ssr_toggle:file w_file_perms;

 # Allow init to create tmpfs
 allow vendor_init tmpfs:dir create_dir_perms;
--- a/sepolicy/vendor/vendor_qti_init_shell.te
+++ b/sepolicy/vendor/vendor_qti_init_shell.te
@ -1,8 +1,8 @@
 # Allow vendor_qti_init_shell to write to sysfs_fsc
 allow vendor_qti_init_shell sysfs_fsc:file w_file_perms;

-# Allow vendor_qti_init_shell to write to sysfs_scsi_host
-allow vendor_qti_init_shell sysfs_scsi_host:file w_file_perms;
+# Allow vendor_qti_init_shell to write to vendor_sysfs_scsi_host
+allow vendor_qti_init_shell vendor_sysfs_scsi_host:file w_file_perms;

 # Allow vendor_qti_init_shell to get vendor_memplus_prop
 get_prop(vendor_qti_init_shell, vendor_memplus_prop)
--- a/sepolicy/vendor/vendor_rmt_storage.te
+++ b/sepolicy/vendor/vendor_rmt_storage.te
@ -0,0 +1,2 @@
+# Allow vendor_rmt_storage to read and write to oem_block_device
+allow vendor_rmt_storage oem_block_device:blk_file rw_file_perms;
--- a/sepolicy/vendor/vendor_sensors.te
+++ b/sepolicy/vendor/vendor_sensors.te
@ -0,0 +1,2 @@
+# Allow vendor_sensors to get vendor_sensors_prop
+get_prop(vendor_sensors, vendor_sensors_prop)
--- a/sepolicy/vendor/vendor_time_daemon.te
+++ b/sepolicy/vendor/vendor_time_daemon.te
@ -0,0 +1 @@
+allow vendor_time_daemon self:capability { setgid setuid };
--- a/sepolicy/vendor/vendor_wcnss_service.te
+++ b/sepolicy/vendor/vendor_wcnss_service.te
@ -0,0 +1,2 @@
+# Allow vendor_wcnss_service to read files in sysfs_project_info
+r_dir_file(vendor_wcnss_service, sysfs_project_info)
--- a/sepolicy/vendor/wcnss_service.te
+++ b/sepolicy/vendor/wcnss_service.te
@ -1,2 +0,0 @@
-# Allow wcnss_service to read files in sysfs_project_info
-r_dir_file(wcnss_service, sysfs_project_info)
				`@ -1 +0,0 @@`
				`allow time_daemon self:capability { setgid setuid };`
				`@ -0,0 +1 @@`
				`allow vendor_time_daemon self:capability { setgid setuid };`