pa-fazil
/
android_device_qcom_common
mirror of https://github.com/fazilsheik96/android_device_qcom_common.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

sepolicy: legacy: isolated_app >>> isolated_app_all 

[1] - Follow changes from LA_AU.VENDOR14 vndr

Change-Id: I0fce4f8813566ed11ff701b996ff27e75f199223
Signed-off-by: chrisl7 <wandersonrodriguesf1@gmail.com>
This commit is contained in:
chrisl7 2023-11-07 00:21:31 +00:00 committed by CHRISL7
parent b50135fb76
commit 16ab1d68d2
3 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sepolicy/legacy/vendor/common/domain.te vendored
View File

@ -25,10 +25,10 @@
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_socinfo);
r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_soc);
r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_esoc);
r_dir_file({domain - isolated_app - untrusted_app_all }, sysfs_ssr);
r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_socinfo);
r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_soc);
r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_esoc);
r_dir_file({domain - isolated_app_all - untrusted_app_all }, sysfs_ssr);
#Reding of standard chip details need this
allow untrusted_app_all {
@ -37,12 +37,12 @@ allow untrusted_app_all {
sysfs_esoc
sysfs_ssr
}:dir search;
r_dir_file({domain - isolated_app }, vendor_sysfs_public);
r_dir_file({domain - isolated_app_all }, vendor_sysfs_public);
dontaudit domain kernel:system module_request;
# Allow all domains read access to sysfs_thermal
r_dir_file({domain - isolated_app}, sysfs_thermal);
r_dir_file({domain - isolated_app_all}, sysfs_thermal);
# Allow domain to read /vendor -> /system/vendor
allow domain system_file:lnk_file getattr;
@ -77,6 +77,6 @@ get_prop(domain, vendor_public_vendor_default_prop)
allow domain qti_debugfs:dir search;
# allow all context to read sysfs_kgsl
allow { domain - isolated_app } sysfs_kgsl:dir search;
allow { domain - isolated_app_all } sysfs_kgsl:dir search;
# allow all context to read gpu model
allow { domain - isolated_app } sysfs_kgsl_gpu_model:file r_file_perms;
allow { domain - isolated_app_all } sysfs_kgsl_gpu_model:file r_file_perms;

2
sepolicy/legacy/vendor/common/hal_drm_clearkey.te vendored
View File

@ -35,4 +35,4 @@ hal_server_domain(hal_drm_clearkey, hal_drm)
vndbinder_use(hal_drm_clearkey);
allow hal_drm_clearkey { appdomain -isolated_app }:fd use;
allow hal_drm_clearkey { appdomain -isolated_app_all }:fd use;

2
sepolicy/legacy/vendor/common/hal_drm_widevine.te vendored
View File

@ -33,7 +33,7 @@ type hal_drm_widevine_exec, exec_type, vendor_file_type, file_type;
init_daemon_domain(hal_drm_widevine)
allow hal_drm_widevine mediacodec:fd use;
allow hal_drm_widevine { appdomain -isolated_app }:fd use;
allow hal_drm_widevine { appdomain -isolated_app_all }:fd use;
# The QTI DRM-HAL implementation uses a vendor-binder service provided
# by the HWC HAL.